1/* Cluster IP hashmark target 2 * (C) 2003-2004 by Harald Welte <laforge@netfilter.org> 3 * based on ideas of Fabio Olive Leite <olive@unixforge.org> 4 * 5 * Development of this code funded by SuSE Linux AG, http://www.suse.com/ 6 * 7 * This program is free software; you can redistribute it and/or modify 8 * it under the terms of the GNU General Public License version 2 as 9 * published by the Free Software Foundation. 10 * 11 */ 12#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 13#include <linux/module.h> 14#include <linux/proc_fs.h> 15#include <linux/jhash.h> 16#include <linux/bitops.h> 17#include <linux/skbuff.h> 18#include <linux/slab.h> 19#include <linux/ip.h> 20#include <linux/tcp.h> 21#include <linux/udp.h> 22#include <linux/icmp.h> 23#include <linux/if_arp.h> 24#include <linux/seq_file.h> 25#include <linux/netfilter_arp.h> 26#include <linux/netfilter/x_tables.h> 27#include <linux/netfilter_ipv4/ip_tables.h> 28#include <linux/netfilter_ipv4/ipt_CLUSTERIP.h> 29#include <net/netfilter/nf_conntrack.h> 30#include <net/net_namespace.h> 31#include <net/netns/generic.h> 32#include <net/checksum.h> 33#include <net/ip.h> 34 35#define CLUSTERIP_VERSION "0.8" 36 37MODULE_LICENSE("GPL"); 38MODULE_AUTHOR("Harald Welte <laforge@netfilter.org>"); 39MODULE_DESCRIPTION("Xtables: CLUSTERIP target"); 40 41struct clusterip_config { 42 struct list_head list; /* list of all configs */ 43 atomic_t refcount; /* reference count */ 44 atomic_t entries; /* number of entries/rules 45 * referencing us */ 46 47 __be32 clusterip; /* the IP address */ 48 u_int8_t clustermac[ETH_ALEN]; /* the MAC address */ 49 struct net_device *dev; /* device */ 50 u_int16_t num_total_nodes; /* total number of nodes */ 51 unsigned long local_nodes; /* node number array */ 52 53#ifdef CONFIG_PROC_FS 54 struct proc_dir_entry *pde; /* proc dir entry */ 55#endif 56 enum clusterip_hashmode hash_mode; /* which hashing mode */ 57 u_int32_t hash_initval; /* hash initialization */ 58 struct rcu_head rcu; 59}; 60 61#ifdef CONFIG_PROC_FS 62static const struct file_operations clusterip_proc_fops; 63#endif 64 65static int clusterip_net_id __read_mostly; 66 67struct clusterip_net { 68 struct list_head configs; 69 /* lock protects the configs list */ 70 spinlock_t lock; 71 72#ifdef CONFIG_PROC_FS 73 struct proc_dir_entry *procdir; 74#endif 75}; 76 77static inline void 78clusterip_config_get(struct clusterip_config *c) 79{ 80 atomic_inc(&c->refcount); 81} 82 83 84static void clusterip_config_rcu_free(struct rcu_head *head) 85{ 86 kfree(container_of(head, struct clusterip_config, rcu)); 87} 88 89static inline void 90clusterip_config_put(struct clusterip_config *c) 91{ 92 if (atomic_dec_and_test(&c->refcount)) 93 call_rcu_bh(&c->rcu, clusterip_config_rcu_free); 94} 95 96/* decrease the count of entries using/referencing this config. If last 97 * entry(rule) is removed, remove the config from lists, but don't free it 98 * yet, since proc-files could still be holding references */ 99static inline void 100clusterip_config_entry_put(struct clusterip_config *c) 101{ 102 struct net *net = dev_net(c->dev); 103 struct clusterip_net *cn = net_generic(net, clusterip_net_id); 104 105 local_bh_disable(); 106 if (atomic_dec_and_lock(&c->entries, &cn->lock)) { 107 list_del_rcu(&c->list); 108 spin_unlock(&cn->lock); 109 local_bh_enable(); 110 111 dev_mc_del(c->dev, c->clustermac); 112 dev_put(c->dev); 113 114 /* In case anyone still accesses the file, the open/close 115 * functions are also incrementing the refcount on their own, 116 * so it's safe to remove the entry even if it's in use. */ 117#ifdef CONFIG_PROC_FS 118 proc_remove(c->pde); 119#endif 120 return; 121 } 122 local_bh_enable(); 123} 124 125static struct clusterip_config * 126__clusterip_config_find(struct net *net, __be32 clusterip) 127{ 128 struct clusterip_config *c; 129 struct clusterip_net *cn = net_generic(net, clusterip_net_id); 130 131 list_for_each_entry_rcu(c, &cn->configs, list) { 132 if (c->clusterip == clusterip) 133 return c; 134 } 135 136 return NULL; 137} 138 139static inline struct clusterip_config * 140clusterip_config_find_get(struct net *net, __be32 clusterip, int entry) 141{ 142 struct clusterip_config *c; 143 144 rcu_read_lock_bh(); 145 c = __clusterip_config_find(net, clusterip); 146 if (c) { 147 if (unlikely(!atomic_inc_not_zero(&c->refcount))) 148 c = NULL; 149 else if (entry) 150 atomic_inc(&c->entries); 151 } 152 rcu_read_unlock_bh(); 153 154 return c; 155} 156 157static void 158clusterip_config_init_nodelist(struct clusterip_config *c, 159 const struct ipt_clusterip_tgt_info *i) 160{ 161 int n; 162 163 for (n = 0; n < i->num_local_nodes; n++) 164 set_bit(i->local_nodes[n] - 1, &c->local_nodes); 165} 166 167static struct clusterip_config * 168clusterip_config_init(const struct ipt_clusterip_tgt_info *i, __be32 ip, 169 struct net_device *dev) 170{ 171 struct clusterip_config *c; 172 struct clusterip_net *cn = net_generic(dev_net(dev), clusterip_net_id); 173 174 c = kzalloc(sizeof(*c), GFP_ATOMIC); 175 if (!c) 176 return NULL; 177 178 c->dev = dev; 179 c->clusterip = ip; 180 memcpy(&c->clustermac, &i->clustermac, ETH_ALEN); 181 c->num_total_nodes = i->num_total_nodes; 182 clusterip_config_init_nodelist(c, i); 183 c->hash_mode = i->hash_mode; 184 c->hash_initval = i->hash_initval; 185 atomic_set(&c->refcount, 1); 186 atomic_set(&c->entries, 1); 187 188#ifdef CONFIG_PROC_FS 189 { 190 char buffer[16]; 191 192 /* create proc dir entry */ 193 sprintf(buffer, "%pI4", &ip); 194 c->pde = proc_create_data(buffer, S_IWUSR|S_IRUSR, 195 cn->procdir, 196 &clusterip_proc_fops, c); 197 if (!c->pde) { 198 kfree(c); 199 return NULL; 200 } 201 } 202#endif 203 204 spin_lock_bh(&cn->lock); 205 list_add_rcu(&c->list, &cn->configs); 206 spin_unlock_bh(&cn->lock); 207 208 return c; 209} 210 211#ifdef CONFIG_PROC_FS 212static int 213clusterip_add_node(struct clusterip_config *c, u_int16_t nodenum) 214{ 215 216 if (nodenum == 0 || 217 nodenum > c->num_total_nodes) 218 return 1; 219 220 /* check if we already have this number in our bitfield */ 221 if (test_and_set_bit(nodenum - 1, &c->local_nodes)) 222 return 1; 223 224 return 0; 225} 226 227static bool 228clusterip_del_node(struct clusterip_config *c, u_int16_t nodenum) 229{ 230 if (nodenum == 0 || 231 nodenum > c->num_total_nodes) 232 return true; 233 234 if (test_and_clear_bit(nodenum - 1, &c->local_nodes)) 235 return false; 236 237 return true; 238} 239#endif 240 241static inline u_int32_t 242clusterip_hashfn(const struct sk_buff *skb, 243 const struct clusterip_config *config) 244{ 245 const struct iphdr *iph = ip_hdr(skb); 246 unsigned long hashval; 247 u_int16_t sport = 0, dport = 0; 248 int poff; 249 250 poff = proto_ports_offset(iph->protocol); 251 if (poff >= 0) { 252 const u_int16_t *ports; 253 u16 _ports[2]; 254 255 ports = skb_header_pointer(skb, iph->ihl * 4 + poff, 4, _ports); 256 if (ports) { 257 sport = ports[0]; 258 dport = ports[1]; 259 } 260 } else { 261 net_info_ratelimited("unknown protocol %u\n", iph->protocol); 262 } 263 264 switch (config->hash_mode) { 265 case CLUSTERIP_HASHMODE_SIP: 266 hashval = jhash_1word(ntohl(iph->saddr), 267 config->hash_initval); 268 break; 269 case CLUSTERIP_HASHMODE_SIP_SPT: 270 hashval = jhash_2words(ntohl(iph->saddr), sport, 271 config->hash_initval); 272 break; 273 case CLUSTERIP_HASHMODE_SIP_SPT_DPT: 274 hashval = jhash_3words(ntohl(iph->saddr), sport, dport, 275 config->hash_initval); 276 break; 277 default: 278 /* to make gcc happy */ 279 hashval = 0; 280 /* This cannot happen, unless the check function wasn't called 281 * at rule load time */ 282 pr_info("unknown mode %u\n", config->hash_mode); 283 BUG(); 284 break; 285 } 286 287 /* node numbers are 1..n, not 0..n */ 288 return reciprocal_scale(hashval, config->num_total_nodes) + 1; 289} 290 291static inline int 292clusterip_responsible(const struct clusterip_config *config, u_int32_t hash) 293{ 294 return test_bit(hash - 1, &config->local_nodes); 295} 296 297/*********************************************************************** 298 * IPTABLES TARGET 299 ***********************************************************************/ 300 301static unsigned int 302clusterip_tg(struct sk_buff *skb, const struct xt_action_param *par) 303{ 304 const struct ipt_clusterip_tgt_info *cipinfo = par->targinfo; 305 struct nf_conn *ct; 306 enum ip_conntrack_info ctinfo; 307 u_int32_t hash; 308 309 /* don't need to clusterip_config_get() here, since refcount 310 * is only decremented by destroy() - and ip_tables guarantees 311 * that the ->target() function isn't called after ->destroy() */ 312 313 ct = nf_ct_get(skb, &ctinfo); 314 if (ct == NULL) 315 return NF_DROP; 316 317 /* special case: ICMP error handling. conntrack distinguishes between 318 * error messages (RELATED) and information requests (see below) */ 319 if (ip_hdr(skb)->protocol == IPPROTO_ICMP && 320 (ctinfo == IP_CT_RELATED || 321 ctinfo == IP_CT_RELATED_REPLY)) 322 return XT_CONTINUE; 323 324 /* ip_conntrack_icmp guarantees us that we only have ICMP_ECHO, 325 * TIMESTAMP, INFO_REQUEST or ADDRESS type icmp packets from here 326 * on, which all have an ID field [relevant for hashing]. */ 327 328 hash = clusterip_hashfn(skb, cipinfo->config); 329 330 switch (ctinfo) { 331 case IP_CT_NEW: 332 ct->mark = hash; 333 break; 334 case IP_CT_RELATED: 335 case IP_CT_RELATED_REPLY: 336 /* FIXME: we don't handle expectations at the moment. 337 * They can arrive on a different node than 338 * the master connection (e.g. FTP passive mode) */ 339 case IP_CT_ESTABLISHED: 340 case IP_CT_ESTABLISHED_REPLY: 341 break; 342 default: /* Prevent gcc warnings */ 343 break; 344 } 345 346#ifdef DEBUG 347 nf_ct_dump_tuple_ip(&ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple); 348#endif 349 pr_debug("hash=%u ct_hash=%u ", hash, ct->mark); 350 if (!clusterip_responsible(cipinfo->config, hash)) { 351 pr_debug("not responsible\n"); 352 return NF_DROP; 353 } 354 pr_debug("responsible\n"); 355 356 /* despite being received via linklayer multicast, this is 357 * actually a unicast IP packet. TCP doesn't like PACKET_MULTICAST */ 358 skb->pkt_type = PACKET_HOST; 359 360 return XT_CONTINUE; 361} 362 363static int clusterip_tg_check(const struct xt_tgchk_param *par) 364{ 365 struct ipt_clusterip_tgt_info *cipinfo = par->targinfo; 366 const struct ipt_entry *e = par->entryinfo; 367 struct clusterip_config *config; 368 int ret; 369 370 if (cipinfo->hash_mode != CLUSTERIP_HASHMODE_SIP && 371 cipinfo->hash_mode != CLUSTERIP_HASHMODE_SIP_SPT && 372 cipinfo->hash_mode != CLUSTERIP_HASHMODE_SIP_SPT_DPT) { 373 pr_info("unknown mode %u\n", cipinfo->hash_mode); 374 return -EINVAL; 375 376 } 377 if (e->ip.dmsk.s_addr != htonl(0xffffffff) || 378 e->ip.dst.s_addr == 0) { 379 pr_info("Please specify destination IP\n"); 380 return -EINVAL; 381 } 382 383 /* FIXME: further sanity checks */ 384 385 config = clusterip_config_find_get(par->net, e->ip.dst.s_addr, 1); 386 if (!config) { 387 if (!(cipinfo->flags & CLUSTERIP_FLAG_NEW)) { 388 pr_info("no config found for %pI4, need 'new'\n", 389 &e->ip.dst.s_addr); 390 return -EINVAL; 391 } else { 392 struct net_device *dev; 393 394 if (e->ip.iniface[0] == '\0') { 395 pr_info("Please specify an interface name\n"); 396 return -EINVAL; 397 } 398 399 dev = dev_get_by_name(par->net, e->ip.iniface); 400 if (!dev) { 401 pr_info("no such interface %s\n", 402 e->ip.iniface); 403 return -ENOENT; 404 } 405 406 config = clusterip_config_init(cipinfo, 407 e->ip.dst.s_addr, dev); 408 if (!config) { 409 dev_put(dev); 410 return -ENOMEM; 411 } 412 dev_mc_add(config->dev, config->clustermac); 413 } 414 } 415 cipinfo->config = config; 416 417 ret = nf_ct_l3proto_try_module_get(par->family); 418 if (ret < 0) 419 pr_info("cannot load conntrack support for proto=%u\n", 420 par->family); 421 return ret; 422} 423 424/* drop reference count of cluster config when rule is deleted */ 425static void clusterip_tg_destroy(const struct xt_tgdtor_param *par) 426{ 427 const struct ipt_clusterip_tgt_info *cipinfo = par->targinfo; 428 429 /* if no more entries are referencing the config, remove it 430 * from the list and destroy the proc entry */ 431 clusterip_config_entry_put(cipinfo->config); 432 433 clusterip_config_put(cipinfo->config); 434 435 nf_ct_l3proto_module_put(par->family); 436} 437 438#ifdef CONFIG_COMPAT 439struct compat_ipt_clusterip_tgt_info 440{ 441 u_int32_t flags; 442 u_int8_t clustermac[6]; 443 u_int16_t num_total_nodes; 444 u_int16_t num_local_nodes; 445 u_int16_t local_nodes[CLUSTERIP_MAX_NODES]; 446 u_int32_t hash_mode; 447 u_int32_t hash_initval; 448 compat_uptr_t config; 449}; 450#endif /* CONFIG_COMPAT */ 451 452static struct xt_target clusterip_tg_reg __read_mostly = { 453 .name = "CLUSTERIP", 454 .family = NFPROTO_IPV4, 455 .target = clusterip_tg, 456 .checkentry = clusterip_tg_check, 457 .destroy = clusterip_tg_destroy, 458 .targetsize = sizeof(struct ipt_clusterip_tgt_info), 459#ifdef CONFIG_COMPAT 460 .compatsize = sizeof(struct compat_ipt_clusterip_tgt_info), 461#endif /* CONFIG_COMPAT */ 462 .me = THIS_MODULE 463}; 464 465 466/*********************************************************************** 467 * ARP MANGLING CODE 468 ***********************************************************************/ 469 470/* hardcoded for 48bit ethernet and 32bit ipv4 addresses */ 471struct arp_payload { 472 u_int8_t src_hw[ETH_ALEN]; 473 __be32 src_ip; 474 u_int8_t dst_hw[ETH_ALEN]; 475 __be32 dst_ip; 476} __packed; 477 478#ifdef DEBUG 479static void arp_print(struct arp_payload *payload) 480{ 481#define HBUFFERLEN 30 482 char hbuffer[HBUFFERLEN]; 483 int j,k; 484 485 for (k=0, j=0; k < HBUFFERLEN-3 && j < ETH_ALEN; j++) { 486 hbuffer[k++] = hex_asc_hi(payload->src_hw[j]); 487 hbuffer[k++] = hex_asc_lo(payload->src_hw[j]); 488 hbuffer[k++]=':'; 489 } 490 hbuffer[--k]='\0'; 491 492 pr_debug("src %pI4@%s, dst %pI4\n", 493 &payload->src_ip, hbuffer, &payload->dst_ip); 494} 495#endif 496 497static unsigned int 498arp_mangle(const struct nf_hook_ops *ops, 499 struct sk_buff *skb, 500 const struct net_device *in, 501 const struct net_device *out, 502 int (*okfn)(struct sk_buff *)) 503{ 504 struct arphdr *arp = arp_hdr(skb); 505 struct arp_payload *payload; 506 struct clusterip_config *c; 507 struct net *net = dev_net(in ? in : out); 508 509 /* we don't care about non-ethernet and non-ipv4 ARP */ 510 if (arp->ar_hrd != htons(ARPHRD_ETHER) || 511 arp->ar_pro != htons(ETH_P_IP) || 512 arp->ar_pln != 4 || arp->ar_hln != ETH_ALEN) 513 return NF_ACCEPT; 514 515 /* we only want to mangle arp requests and replies */ 516 if (arp->ar_op != htons(ARPOP_REPLY) && 517 arp->ar_op != htons(ARPOP_REQUEST)) 518 return NF_ACCEPT; 519 520 payload = (void *)(arp+1); 521 522 /* if there is no clusterip configuration for the arp reply's 523 * source ip, we don't want to mangle it */ 524 c = clusterip_config_find_get(net, payload->src_ip, 0); 525 if (!c) 526 return NF_ACCEPT; 527 528 /* normally the linux kernel always replies to arp queries of 529 * addresses on different interfacs. However, in the CLUSTERIP case 530 * this wouldn't work, since we didn't subscribe the mcast group on 531 * other interfaces */ 532 if (c->dev != out) { 533 pr_debug("not mangling arp reply on different " 534 "interface: cip'%s'-skb'%s'\n", 535 c->dev->name, out->name); 536 clusterip_config_put(c); 537 return NF_ACCEPT; 538 } 539 540 /* mangle reply hardware address */ 541 memcpy(payload->src_hw, c->clustermac, arp->ar_hln); 542 543#ifdef DEBUG 544 pr_debug("mangled arp reply: "); 545 arp_print(payload); 546#endif 547 548 clusterip_config_put(c); 549 550 return NF_ACCEPT; 551} 552 553static struct nf_hook_ops cip_arp_ops __read_mostly = { 554 .hook = arp_mangle, 555 .pf = NFPROTO_ARP, 556 .hooknum = NF_ARP_OUT, 557 .priority = -1 558}; 559 560/*********************************************************************** 561 * PROC DIR HANDLING 562 ***********************************************************************/ 563 564#ifdef CONFIG_PROC_FS 565 566struct clusterip_seq_position { 567 unsigned int pos; /* position */ 568 unsigned int weight; /* number of bits set == size */ 569 unsigned int bit; /* current bit */ 570 unsigned long val; /* current value */ 571}; 572 573static void *clusterip_seq_start(struct seq_file *s, loff_t *pos) 574{ 575 struct clusterip_config *c = s->private; 576 unsigned int weight; 577 u_int32_t local_nodes; 578 struct clusterip_seq_position *idx; 579 580 /* FIXME: possible race */ 581 local_nodes = c->local_nodes; 582 weight = hweight32(local_nodes); 583 if (*pos >= weight) 584 return NULL; 585 586 idx = kmalloc(sizeof(struct clusterip_seq_position), GFP_KERNEL); 587 if (!idx) 588 return ERR_PTR(-ENOMEM); 589 590 idx->pos = *pos; 591 idx->weight = weight; 592 idx->bit = ffs(local_nodes); 593 idx->val = local_nodes; 594 clear_bit(idx->bit - 1, &idx->val); 595 596 return idx; 597} 598 599static void *clusterip_seq_next(struct seq_file *s, void *v, loff_t *pos) 600{ 601 struct clusterip_seq_position *idx = v; 602 603 *pos = ++idx->pos; 604 if (*pos >= idx->weight) { 605 kfree(v); 606 return NULL; 607 } 608 idx->bit = ffs(idx->val); 609 clear_bit(idx->bit - 1, &idx->val); 610 return idx; 611} 612 613static void clusterip_seq_stop(struct seq_file *s, void *v) 614{ 615 if (!IS_ERR(v)) 616 kfree(v); 617} 618 619static int clusterip_seq_show(struct seq_file *s, void *v) 620{ 621 struct clusterip_seq_position *idx = v; 622 623 if (idx->pos != 0) 624 seq_putc(s, ','); 625 626 seq_printf(s, "%u", idx->bit); 627 628 if (idx->pos == idx->weight - 1) 629 seq_putc(s, '\n'); 630 631 return 0; 632} 633 634static const struct seq_operations clusterip_seq_ops = { 635 .start = clusterip_seq_start, 636 .next = clusterip_seq_next, 637 .stop = clusterip_seq_stop, 638 .show = clusterip_seq_show, 639}; 640 641static int clusterip_proc_open(struct inode *inode, struct file *file) 642{ 643 int ret = seq_open(file, &clusterip_seq_ops); 644 645 if (!ret) { 646 struct seq_file *sf = file->private_data; 647 struct clusterip_config *c = PDE_DATA(inode); 648 649 sf->private = c; 650 651 clusterip_config_get(c); 652 } 653 654 return ret; 655} 656 657static int clusterip_proc_release(struct inode *inode, struct file *file) 658{ 659 struct clusterip_config *c = PDE_DATA(inode); 660 int ret; 661 662 ret = seq_release(inode, file); 663 664 if (!ret) 665 clusterip_config_put(c); 666 667 return ret; 668} 669 670static ssize_t clusterip_proc_write(struct file *file, const char __user *input, 671 size_t size, loff_t *ofs) 672{ 673 struct clusterip_config *c = PDE_DATA(file_inode(file)); 674#define PROC_WRITELEN 10 675 char buffer[PROC_WRITELEN+1]; 676 unsigned long nodenum; 677 int rc; 678 679 if (size > PROC_WRITELEN) 680 return -EIO; 681 if (copy_from_user(buffer, input, size)) 682 return -EFAULT; 683 buffer[size] = 0; 684 685 if (*buffer == '+') { 686 rc = kstrtoul(buffer+1, 10, &nodenum); 687 if (rc) 688 return rc; 689 if (clusterip_add_node(c, nodenum)) 690 return -ENOMEM; 691 } else if (*buffer == '-') { 692 rc = kstrtoul(buffer+1, 10, &nodenum); 693 if (rc) 694 return rc; 695 if (clusterip_del_node(c, nodenum)) 696 return -ENOENT; 697 } else 698 return -EIO; 699 700 return size; 701} 702 703static const struct file_operations clusterip_proc_fops = { 704 .owner = THIS_MODULE, 705 .open = clusterip_proc_open, 706 .read = seq_read, 707 .write = clusterip_proc_write, 708 .llseek = seq_lseek, 709 .release = clusterip_proc_release, 710}; 711 712#endif /* CONFIG_PROC_FS */ 713 714static int clusterip_net_init(struct net *net) 715{ 716 struct clusterip_net *cn = net_generic(net, clusterip_net_id); 717 718 INIT_LIST_HEAD(&cn->configs); 719 720 spin_lock_init(&cn->lock); 721 722#ifdef CONFIG_PROC_FS 723 cn->procdir = proc_mkdir("ipt_CLUSTERIP", net->proc_net); 724 if (!cn->procdir) { 725 pr_err("Unable to proc dir entry\n"); 726 return -ENOMEM; 727 } 728#endif /* CONFIG_PROC_FS */ 729 730 return 0; 731} 732 733static void clusterip_net_exit(struct net *net) 734{ 735#ifdef CONFIG_PROC_FS 736 struct clusterip_net *cn = net_generic(net, clusterip_net_id); 737 proc_remove(cn->procdir); 738#endif 739} 740 741static struct pernet_operations clusterip_net_ops = { 742 .init = clusterip_net_init, 743 .exit = clusterip_net_exit, 744 .id = &clusterip_net_id, 745 .size = sizeof(struct clusterip_net), 746}; 747 748static int __init clusterip_tg_init(void) 749{ 750 int ret; 751 752 ret = register_pernet_subsys(&clusterip_net_ops); 753 if (ret < 0) 754 return ret; 755 756 ret = xt_register_target(&clusterip_tg_reg); 757 if (ret < 0) 758 goto cleanup_subsys; 759 760 ret = nf_register_hook(&cip_arp_ops); 761 if (ret < 0) 762 goto cleanup_target; 763 764 pr_info("ClusterIP Version %s loaded successfully\n", 765 CLUSTERIP_VERSION); 766 767 return 0; 768 769cleanup_target: 770 xt_unregister_target(&clusterip_tg_reg); 771cleanup_subsys: 772 unregister_pernet_subsys(&clusterip_net_ops); 773 return ret; 774} 775 776static void __exit clusterip_tg_exit(void) 777{ 778 pr_info("ClusterIP Version %s unloading\n", CLUSTERIP_VERSION); 779 780 nf_unregister_hook(&cip_arp_ops); 781 xt_unregister_target(&clusterip_tg_reg); 782 unregister_pernet_subsys(&clusterip_net_ops); 783 784 /* Wait for completion of call_rcu_bh()'s (clusterip_config_rcu_free) */ 785 rcu_barrier_bh(); 786} 787 788module_init(clusterip_tg_init); 789module_exit(clusterip_tg_exit); 790