1/* Cluster IP hashmark target 2 * (C) 2003-2004 by Harald Welte <laforge@netfilter.org> 3 * based on ideas of Fabio Olive Leite <olive@unixforge.org> 4 * 5 * Development of this code funded by SuSE Linux AG, http://www.suse.com/ 6 * 7 * This program is free software; you can redistribute it and/or modify 8 * it under the terms of the GNU General Public License version 2 as 9 * published by the Free Software Foundation. 10 * 11 */ 12#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 13#include <linux/module.h> 14#include <linux/proc_fs.h> 15#include <linux/jhash.h> 16#include <linux/bitops.h> 17#include <linux/skbuff.h> 18#include <linux/slab.h> 19#include <linux/ip.h> 20#include <linux/tcp.h> 21#include <linux/udp.h> 22#include <linux/icmp.h> 23#include <linux/if_arp.h> 24#include <linux/seq_file.h> 25#include <linux/netfilter_arp.h> 26#include <linux/netfilter/x_tables.h> 27#include <linux/netfilter_ipv4/ip_tables.h> 28#include <linux/netfilter_ipv4/ipt_CLUSTERIP.h> 29#include <net/netfilter/nf_conntrack.h> 30#include <net/net_namespace.h> 31#include <net/netns/generic.h> 32#include <net/checksum.h> 33#include <net/ip.h> 34 35#define CLUSTERIP_VERSION "0.8" 36 37MODULE_LICENSE("GPL"); 38MODULE_AUTHOR("Harald Welte <laforge@netfilter.org>"); 39MODULE_DESCRIPTION("Xtables: CLUSTERIP target"); 40 41struct clusterip_config { 42 struct list_head list; /* list of all configs */ 43 atomic_t refcount; /* reference count */ 44 atomic_t entries; /* number of entries/rules 45 * referencing us */ 46 47 __be32 clusterip; /* the IP address */ 48 u_int8_t clustermac[ETH_ALEN]; /* the MAC address */ 49 struct net_device *dev; /* device */ 50 u_int16_t num_total_nodes; /* total number of nodes */ 51 unsigned long local_nodes; /* node number array */ 52 53#ifdef CONFIG_PROC_FS 54 struct proc_dir_entry *pde; /* proc dir entry */ 55#endif 56 enum clusterip_hashmode hash_mode; /* which hashing mode */ 57 u_int32_t hash_initval; /* hash initialization */ 58 struct rcu_head rcu; 59}; 60 61#ifdef CONFIG_PROC_FS 62static const struct file_operations clusterip_proc_fops; 63#endif 64 65static int clusterip_net_id __read_mostly; 66 67struct clusterip_net { 68 struct list_head configs; 69 /* lock protects the configs list */ 70 spinlock_t lock; 71 72#ifdef CONFIG_PROC_FS 73 struct proc_dir_entry *procdir; 74#endif 75}; 76 77static inline void 78clusterip_config_get(struct clusterip_config *c) 79{ 80 atomic_inc(&c->refcount); 81} 82 83 84static void clusterip_config_rcu_free(struct rcu_head *head) 85{ 86 kfree(container_of(head, struct clusterip_config, rcu)); 87} 88 89static inline void 90clusterip_config_put(struct clusterip_config *c) 91{ 92 if (atomic_dec_and_test(&c->refcount)) 93 call_rcu_bh(&c->rcu, clusterip_config_rcu_free); 94} 95 96/* decrease the count of entries using/referencing this config. If last 97 * entry(rule) is removed, remove the config from lists, but don't free it 98 * yet, since proc-files could still be holding references */ 99static inline void 100clusterip_config_entry_put(struct clusterip_config *c) 101{ 102 struct net *net = dev_net(c->dev); 103 struct clusterip_net *cn = net_generic(net, clusterip_net_id); 104 105 local_bh_disable(); 106 if (atomic_dec_and_lock(&c->entries, &cn->lock)) { 107 list_del_rcu(&c->list); 108 spin_unlock(&cn->lock); 109 local_bh_enable(); 110 111 dev_mc_del(c->dev, c->clustermac); 112 dev_put(c->dev); 113 114 /* In case anyone still accesses the file, the open/close 115 * functions are also incrementing the refcount on their own, 116 * so it's safe to remove the entry even if it's in use. */ 117#ifdef CONFIG_PROC_FS 118 proc_remove(c->pde); 119#endif 120 return; 121 } 122 local_bh_enable(); 123} 124 125static struct clusterip_config * 126__clusterip_config_find(struct net *net, __be32 clusterip) 127{ 128 struct clusterip_config *c; 129 struct clusterip_net *cn = net_generic(net, clusterip_net_id); 130 131 list_for_each_entry_rcu(c, &cn->configs, list) { 132 if (c->clusterip == clusterip) 133 return c; 134 } 135 136 return NULL; 137} 138 139static inline struct clusterip_config * 140clusterip_config_find_get(struct net *net, __be32 clusterip, int entry) 141{ 142 struct clusterip_config *c; 143 144 rcu_read_lock_bh(); 145 c = __clusterip_config_find(net, clusterip); 146 if (c) { 147 if (unlikely(!atomic_inc_not_zero(&c->refcount))) 148 c = NULL; 149 else if (entry) 150 atomic_inc(&c->entries); 151 } 152 rcu_read_unlock_bh(); 153 154 return c; 155} 156 157static void 158clusterip_config_init_nodelist(struct clusterip_config *c, 159 const struct ipt_clusterip_tgt_info *i) 160{ 161 int n; 162 163 for (n = 0; n < i->num_local_nodes; n++) 164 set_bit(i->local_nodes[n] - 1, &c->local_nodes); 165} 166 167static struct clusterip_config * 168clusterip_config_init(const struct ipt_clusterip_tgt_info *i, __be32 ip, 169 struct net_device *dev) 170{ 171 struct clusterip_config *c; 172 struct clusterip_net *cn = net_generic(dev_net(dev), clusterip_net_id); 173 174 c = kzalloc(sizeof(*c), GFP_ATOMIC); 175 if (!c) 176 return NULL; 177 178 c->dev = dev; 179 c->clusterip = ip; 180 memcpy(&c->clustermac, &i->clustermac, ETH_ALEN); 181 c->num_total_nodes = i->num_total_nodes; 182 clusterip_config_init_nodelist(c, i); 183 c->hash_mode = i->hash_mode; 184 c->hash_initval = i->hash_initval; 185 atomic_set(&c->refcount, 1); 186 atomic_set(&c->entries, 1); 187 188#ifdef CONFIG_PROC_FS 189 { 190 char buffer[16]; 191 192 /* create proc dir entry */ 193 sprintf(buffer, "%pI4", &ip); 194 c->pde = proc_create_data(buffer, S_IWUSR|S_IRUSR, 195 cn->procdir, 196 &clusterip_proc_fops, c); 197 if (!c->pde) { 198 kfree(c); 199 return NULL; 200 } 201 } 202#endif 203 204 spin_lock_bh(&cn->lock); 205 list_add_rcu(&c->list, &cn->configs); 206 spin_unlock_bh(&cn->lock); 207 208 return c; 209} 210 211#ifdef CONFIG_PROC_FS 212static int 213clusterip_add_node(struct clusterip_config *c, u_int16_t nodenum) 214{ 215 216 if (nodenum == 0 || 217 nodenum > c->num_total_nodes) 218 return 1; 219 220 /* check if we already have this number in our bitfield */ 221 if (test_and_set_bit(nodenum - 1, &c->local_nodes)) 222 return 1; 223 224 return 0; 225} 226 227static bool 228clusterip_del_node(struct clusterip_config *c, u_int16_t nodenum) 229{ 230 if (nodenum == 0 || 231 nodenum > c->num_total_nodes) 232 return true; 233 234 if (test_and_clear_bit(nodenum - 1, &c->local_nodes)) 235 return false; 236 237 return true; 238} 239#endif 240 241static inline u_int32_t 242clusterip_hashfn(const struct sk_buff *skb, 243 const struct clusterip_config *config) 244{ 245 const struct iphdr *iph = ip_hdr(skb); 246 unsigned long hashval; 247 u_int16_t sport = 0, dport = 0; 248 int poff; 249 250 poff = proto_ports_offset(iph->protocol); 251 if (poff >= 0) { 252 const u_int16_t *ports; 253 u16 _ports[2]; 254 255 ports = skb_header_pointer(skb, iph->ihl * 4 + poff, 4, _ports); 256 if (ports) { 257 sport = ports[0]; 258 dport = ports[1]; 259 } 260 } else { 261 net_info_ratelimited("unknown protocol %u\n", iph->protocol); 262 } 263 264 switch (config->hash_mode) { 265 case CLUSTERIP_HASHMODE_SIP: 266 hashval = jhash_1word(ntohl(iph->saddr), 267 config->hash_initval); 268 break; 269 case CLUSTERIP_HASHMODE_SIP_SPT: 270 hashval = jhash_2words(ntohl(iph->saddr), sport, 271 config->hash_initval); 272 break; 273 case CLUSTERIP_HASHMODE_SIP_SPT_DPT: 274 hashval = jhash_3words(ntohl(iph->saddr), sport, dport, 275 config->hash_initval); 276 break; 277 default: 278 /* to make gcc happy */ 279 hashval = 0; 280 /* This cannot happen, unless the check function wasn't called 281 * at rule load time */ 282 pr_info("unknown mode %u\n", config->hash_mode); 283 BUG(); 284 break; 285 } 286 287 /* node numbers are 1..n, not 0..n */ 288 return reciprocal_scale(hashval, config->num_total_nodes) + 1; 289} 290 291static inline int 292clusterip_responsible(const struct clusterip_config *config, u_int32_t hash) 293{ 294 return test_bit(hash - 1, &config->local_nodes); 295} 296 297/*********************************************************************** 298 * IPTABLES TARGET 299 ***********************************************************************/ 300 301static unsigned int 302clusterip_tg(struct sk_buff *skb, const struct xt_action_param *par) 303{ 304 const struct ipt_clusterip_tgt_info *cipinfo = par->targinfo; 305 struct nf_conn *ct; 306 enum ip_conntrack_info ctinfo; 307 u_int32_t hash; 308 309 /* don't need to clusterip_config_get() here, since refcount 310 * is only decremented by destroy() - and ip_tables guarantees 311 * that the ->target() function isn't called after ->destroy() */ 312 313 ct = nf_ct_get(skb, &ctinfo); 314 if (ct == NULL) 315 return NF_DROP; 316 317 /* special case: ICMP error handling. conntrack distinguishes between 318 * error messages (RELATED) and information requests (see below) */ 319 if (ip_hdr(skb)->protocol == IPPROTO_ICMP && 320 (ctinfo == IP_CT_RELATED || 321 ctinfo == IP_CT_RELATED_REPLY)) 322 return XT_CONTINUE; 323 324 /* ip_conntrack_icmp guarantees us that we only have ICMP_ECHO, 325 * TIMESTAMP, INFO_REQUEST or ADDRESS type icmp packets from here 326 * on, which all have an ID field [relevant for hashing]. */ 327 328 hash = clusterip_hashfn(skb, cipinfo->config); 329 330 switch (ctinfo) { 331 case IP_CT_NEW: 332 ct->mark = hash; 333 break; 334 case IP_CT_RELATED: 335 case IP_CT_RELATED_REPLY: 336 /* FIXME: we don't handle expectations at the moment. 337 * They can arrive on a different node than 338 * the master connection (e.g. FTP passive mode) */ 339 case IP_CT_ESTABLISHED: 340 case IP_CT_ESTABLISHED_REPLY: 341 break; 342 default: /* Prevent gcc warnings */ 343 break; 344 } 345 346#ifdef DEBUG 347 nf_ct_dump_tuple_ip(&ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple); 348#endif 349 pr_debug("hash=%u ct_hash=%u ", hash, ct->mark); 350 if (!clusterip_responsible(cipinfo->config, hash)) { 351 pr_debug("not responsible\n"); 352 return NF_DROP; 353 } 354 pr_debug("responsible\n"); 355 356 /* despite being received via linklayer multicast, this is 357 * actually a unicast IP packet. TCP doesn't like PACKET_MULTICAST */ 358 skb->pkt_type = PACKET_HOST; 359 360 return XT_CONTINUE; 361} 362 363static int clusterip_tg_check(const struct xt_tgchk_param *par) 364{ 365 struct ipt_clusterip_tgt_info *cipinfo = par->targinfo; 366 const struct ipt_entry *e = par->entryinfo; 367 struct clusterip_config *config; 368 int ret; 369 370 if (cipinfo->hash_mode != CLUSTERIP_HASHMODE_SIP && 371 cipinfo->hash_mode != CLUSTERIP_HASHMODE_SIP_SPT && 372 cipinfo->hash_mode != CLUSTERIP_HASHMODE_SIP_SPT_DPT) { 373 pr_info("unknown mode %u\n", cipinfo->hash_mode); 374 return -EINVAL; 375 376 } 377 if (e->ip.dmsk.s_addr != htonl(0xffffffff) || 378 e->ip.dst.s_addr == 0) { 379 pr_info("Please specify destination IP\n"); 380 return -EINVAL; 381 } 382 383 /* FIXME: further sanity checks */ 384 385 config = clusterip_config_find_get(par->net, e->ip.dst.s_addr, 1); 386 if (!config) { 387 if (!(cipinfo->flags & CLUSTERIP_FLAG_NEW)) { 388 pr_info("no config found for %pI4, need 'new'\n", 389 &e->ip.dst.s_addr); 390 return -EINVAL; 391 } else { 392 struct net_device *dev; 393 394 if (e->ip.iniface[0] == '\0') { 395 pr_info("Please specify an interface name\n"); 396 return -EINVAL; 397 } 398 399 dev = dev_get_by_name(par->net, e->ip.iniface); 400 if (!dev) { 401 pr_info("no such interface %s\n", 402 e->ip.iniface); 403 return -ENOENT; 404 } 405 406 config = clusterip_config_init(cipinfo, 407 e->ip.dst.s_addr, dev); 408 if (!config) { 409 dev_put(dev); 410 return -ENOMEM; 411 } 412 dev_mc_add(config->dev, config->clustermac); 413 } 414 } 415 cipinfo->config = config; 416 417 ret = nf_ct_l3proto_try_module_get(par->family); 418 if (ret < 0) 419 pr_info("cannot load conntrack support for proto=%u\n", 420 par->family); 421 422 if (!par->net->xt.clusterip_deprecated_warning) { 423 pr_info("ipt_CLUSTERIP is deprecated and it will removed soon, " 424 "use xt_cluster instead\n"); 425 par->net->xt.clusterip_deprecated_warning = true; 426 } 427 428 return ret; 429} 430 431/* drop reference count of cluster config when rule is deleted */ 432static void clusterip_tg_destroy(const struct xt_tgdtor_param *par) 433{ 434 const struct ipt_clusterip_tgt_info *cipinfo = par->targinfo; 435 436 /* if no more entries are referencing the config, remove it 437 * from the list and destroy the proc entry */ 438 clusterip_config_entry_put(cipinfo->config); 439 440 clusterip_config_put(cipinfo->config); 441 442 nf_ct_l3proto_module_put(par->family); 443} 444 445#ifdef CONFIG_COMPAT 446struct compat_ipt_clusterip_tgt_info 447{ 448 u_int32_t flags; 449 u_int8_t clustermac[6]; 450 u_int16_t num_total_nodes; 451 u_int16_t num_local_nodes; 452 u_int16_t local_nodes[CLUSTERIP_MAX_NODES]; 453 u_int32_t hash_mode; 454 u_int32_t hash_initval; 455 compat_uptr_t config; 456}; 457#endif /* CONFIG_COMPAT */ 458 459static struct xt_target clusterip_tg_reg __read_mostly = { 460 .name = "CLUSTERIP", 461 .family = NFPROTO_IPV4, 462 .target = clusterip_tg, 463 .checkentry = clusterip_tg_check, 464 .destroy = clusterip_tg_destroy, 465 .targetsize = sizeof(struct ipt_clusterip_tgt_info), 466#ifdef CONFIG_COMPAT 467 .compatsize = sizeof(struct compat_ipt_clusterip_tgt_info), 468#endif /* CONFIG_COMPAT */ 469 .me = THIS_MODULE 470}; 471 472 473/*********************************************************************** 474 * ARP MANGLING CODE 475 ***********************************************************************/ 476 477/* hardcoded for 48bit ethernet and 32bit ipv4 addresses */ 478struct arp_payload { 479 u_int8_t src_hw[ETH_ALEN]; 480 __be32 src_ip; 481 u_int8_t dst_hw[ETH_ALEN]; 482 __be32 dst_ip; 483} __packed; 484 485#ifdef DEBUG 486static void arp_print(struct arp_payload *payload) 487{ 488#define HBUFFERLEN 30 489 char hbuffer[HBUFFERLEN]; 490 int j,k; 491 492 for (k=0, j=0; k < HBUFFERLEN-3 && j < ETH_ALEN; j++) { 493 hbuffer[k++] = hex_asc_hi(payload->src_hw[j]); 494 hbuffer[k++] = hex_asc_lo(payload->src_hw[j]); 495 hbuffer[k++]=':'; 496 } 497 hbuffer[--k]='\0'; 498 499 pr_debug("src %pI4@%s, dst %pI4\n", 500 &payload->src_ip, hbuffer, &payload->dst_ip); 501} 502#endif 503 504static unsigned int 505arp_mangle(const struct nf_hook_ops *ops, 506 struct sk_buff *skb, 507 const struct nf_hook_state *state) 508{ 509 struct arphdr *arp = arp_hdr(skb); 510 struct arp_payload *payload; 511 struct clusterip_config *c; 512 struct net *net = dev_net(state->in ? state->in : state->out); 513 514 /* we don't care about non-ethernet and non-ipv4 ARP */ 515 if (arp->ar_hrd != htons(ARPHRD_ETHER) || 516 arp->ar_pro != htons(ETH_P_IP) || 517 arp->ar_pln != 4 || arp->ar_hln != ETH_ALEN) 518 return NF_ACCEPT; 519 520 /* we only want to mangle arp requests and replies */ 521 if (arp->ar_op != htons(ARPOP_REPLY) && 522 arp->ar_op != htons(ARPOP_REQUEST)) 523 return NF_ACCEPT; 524 525 payload = (void *)(arp+1); 526 527 /* if there is no clusterip configuration for the arp reply's 528 * source ip, we don't want to mangle it */ 529 c = clusterip_config_find_get(net, payload->src_ip, 0); 530 if (!c) 531 return NF_ACCEPT; 532 533 /* normally the linux kernel always replies to arp queries of 534 * addresses on different interfacs. However, in the CLUSTERIP case 535 * this wouldn't work, since we didn't subscribe the mcast group on 536 * other interfaces */ 537 if (c->dev != state->out) { 538 pr_debug("not mangling arp reply on different " 539 "interface: cip'%s'-skb'%s'\n", 540 c->dev->name, state->out->name); 541 clusterip_config_put(c); 542 return NF_ACCEPT; 543 } 544 545 /* mangle reply hardware address */ 546 memcpy(payload->src_hw, c->clustermac, arp->ar_hln); 547 548#ifdef DEBUG 549 pr_debug("mangled arp reply: "); 550 arp_print(payload); 551#endif 552 553 clusterip_config_put(c); 554 555 return NF_ACCEPT; 556} 557 558static struct nf_hook_ops cip_arp_ops __read_mostly = { 559 .hook = arp_mangle, 560 .pf = NFPROTO_ARP, 561 .hooknum = NF_ARP_OUT, 562 .priority = -1 563}; 564 565/*********************************************************************** 566 * PROC DIR HANDLING 567 ***********************************************************************/ 568 569#ifdef CONFIG_PROC_FS 570 571struct clusterip_seq_position { 572 unsigned int pos; /* position */ 573 unsigned int weight; /* number of bits set == size */ 574 unsigned int bit; /* current bit */ 575 unsigned long val; /* current value */ 576}; 577 578static void *clusterip_seq_start(struct seq_file *s, loff_t *pos) 579{ 580 struct clusterip_config *c = s->private; 581 unsigned int weight; 582 u_int32_t local_nodes; 583 struct clusterip_seq_position *idx; 584 585 /* FIXME: possible race */ 586 local_nodes = c->local_nodes; 587 weight = hweight32(local_nodes); 588 if (*pos >= weight) 589 return NULL; 590 591 idx = kmalloc(sizeof(struct clusterip_seq_position), GFP_KERNEL); 592 if (!idx) 593 return ERR_PTR(-ENOMEM); 594 595 idx->pos = *pos; 596 idx->weight = weight; 597 idx->bit = ffs(local_nodes); 598 idx->val = local_nodes; 599 clear_bit(idx->bit - 1, &idx->val); 600 601 return idx; 602} 603 604static void *clusterip_seq_next(struct seq_file *s, void *v, loff_t *pos) 605{ 606 struct clusterip_seq_position *idx = v; 607 608 *pos = ++idx->pos; 609 if (*pos >= idx->weight) { 610 kfree(v); 611 return NULL; 612 } 613 idx->bit = ffs(idx->val); 614 clear_bit(idx->bit - 1, &idx->val); 615 return idx; 616} 617 618static void clusterip_seq_stop(struct seq_file *s, void *v) 619{ 620 if (!IS_ERR(v)) 621 kfree(v); 622} 623 624static int clusterip_seq_show(struct seq_file *s, void *v) 625{ 626 struct clusterip_seq_position *idx = v; 627 628 if (idx->pos != 0) 629 seq_putc(s, ','); 630 631 seq_printf(s, "%u", idx->bit); 632 633 if (idx->pos == idx->weight - 1) 634 seq_putc(s, '\n'); 635 636 return 0; 637} 638 639static const struct seq_operations clusterip_seq_ops = { 640 .start = clusterip_seq_start, 641 .next = clusterip_seq_next, 642 .stop = clusterip_seq_stop, 643 .show = clusterip_seq_show, 644}; 645 646static int clusterip_proc_open(struct inode *inode, struct file *file) 647{ 648 int ret = seq_open(file, &clusterip_seq_ops); 649 650 if (!ret) { 651 struct seq_file *sf = file->private_data; 652 struct clusterip_config *c = PDE_DATA(inode); 653 654 sf->private = c; 655 656 clusterip_config_get(c); 657 } 658 659 return ret; 660} 661 662static int clusterip_proc_release(struct inode *inode, struct file *file) 663{ 664 struct clusterip_config *c = PDE_DATA(inode); 665 int ret; 666 667 ret = seq_release(inode, file); 668 669 if (!ret) 670 clusterip_config_put(c); 671 672 return ret; 673} 674 675static ssize_t clusterip_proc_write(struct file *file, const char __user *input, 676 size_t size, loff_t *ofs) 677{ 678 struct clusterip_config *c = PDE_DATA(file_inode(file)); 679#define PROC_WRITELEN 10 680 char buffer[PROC_WRITELEN+1]; 681 unsigned long nodenum; 682 int rc; 683 684 if (size > PROC_WRITELEN) 685 return -EIO; 686 if (copy_from_user(buffer, input, size)) 687 return -EFAULT; 688 buffer[size] = 0; 689 690 if (*buffer == '+') { 691 rc = kstrtoul(buffer+1, 10, &nodenum); 692 if (rc) 693 return rc; 694 if (clusterip_add_node(c, nodenum)) 695 return -ENOMEM; 696 } else if (*buffer == '-') { 697 rc = kstrtoul(buffer+1, 10, &nodenum); 698 if (rc) 699 return rc; 700 if (clusterip_del_node(c, nodenum)) 701 return -ENOENT; 702 } else 703 return -EIO; 704 705 return size; 706} 707 708static const struct file_operations clusterip_proc_fops = { 709 .owner = THIS_MODULE, 710 .open = clusterip_proc_open, 711 .read = seq_read, 712 .write = clusterip_proc_write, 713 .llseek = seq_lseek, 714 .release = clusterip_proc_release, 715}; 716 717#endif /* CONFIG_PROC_FS */ 718 719static int clusterip_net_init(struct net *net) 720{ 721 struct clusterip_net *cn = net_generic(net, clusterip_net_id); 722 723 INIT_LIST_HEAD(&cn->configs); 724 725 spin_lock_init(&cn->lock); 726 727#ifdef CONFIG_PROC_FS 728 cn->procdir = proc_mkdir("ipt_CLUSTERIP", net->proc_net); 729 if (!cn->procdir) { 730 pr_err("Unable to proc dir entry\n"); 731 return -ENOMEM; 732 } 733#endif /* CONFIG_PROC_FS */ 734 735 return 0; 736} 737 738static void clusterip_net_exit(struct net *net) 739{ 740#ifdef CONFIG_PROC_FS 741 struct clusterip_net *cn = net_generic(net, clusterip_net_id); 742 proc_remove(cn->procdir); 743#endif 744} 745 746static struct pernet_operations clusterip_net_ops = { 747 .init = clusterip_net_init, 748 .exit = clusterip_net_exit, 749 .id = &clusterip_net_id, 750 .size = sizeof(struct clusterip_net), 751}; 752 753static int __init clusterip_tg_init(void) 754{ 755 int ret; 756 757 ret = register_pernet_subsys(&clusterip_net_ops); 758 if (ret < 0) 759 return ret; 760 761 ret = xt_register_target(&clusterip_tg_reg); 762 if (ret < 0) 763 goto cleanup_subsys; 764 765 ret = nf_register_hook(&cip_arp_ops); 766 if (ret < 0) 767 goto cleanup_target; 768 769 pr_info("ClusterIP Version %s loaded successfully\n", 770 CLUSTERIP_VERSION); 771 772 return 0; 773 774cleanup_target: 775 xt_unregister_target(&clusterip_tg_reg); 776cleanup_subsys: 777 unregister_pernet_subsys(&clusterip_net_ops); 778 return ret; 779} 780 781static void __exit clusterip_tg_exit(void) 782{ 783 pr_info("ClusterIP Version %s unloading\n", CLUSTERIP_VERSION); 784 785 nf_unregister_hook(&cip_arp_ops); 786 xt_unregister_target(&clusterip_tg_reg); 787 unregister_pernet_subsys(&clusterip_net_ops); 788 789 /* Wait for completion of call_rcu_bh()'s (clusterip_config_rcu_free) */ 790 rcu_barrier_bh(); 791} 792 793module_init(clusterip_tg_init); 794module_exit(clusterip_tg_exit); 795