linux/net/netfilter/xt_cluster.c
<<
opti6.3/spae=" 6.3/form=" 6.3a opti6. href="../linux+v3 10/net/netfilter/xt_cluster.c">opti6.3img src="../.static/gfx/right.png" alt=">>">op3/spae="op3spae class="lxr_search">optiopti6.3input typ vhidden" nam vnavtarget" > v">opti6.3input typ vtext" nam vsearch" id vsearch">opti6.3butt" typ vsubmit">Searchopti6.Prefs" 6.3/a>op3/spae="ti6. .3/div="ti6. .3form acalue="ajax+*" method="post" onsubmit="return false;">op3input typ vhidden" nam vajax_lookup" id vajax_lookup" > v">oti6. .3/form="oti6. .3div class="headingbott"m">" 3div id vfile_contents"=
. .13/a>3spae class="comment">/*3/spae=". .23/a>3spae class="comment"> * (C) 2008-2009 Pablo Neira Ayuso <pablo@netfilter.org>3/spae=". .33/a>3spae class="comment"> *3/spae=". .43/a>3spae class="comment"> * This program is free software; you cae redistribute it and/or modify3/spae=". .53/a>3spae class="comment"> * it under the terms of the GNU General Public License vers8"
	2 as3/spae=". .63/a>3spae class="comment"> * published by the Free Software Foundaalue.3/spae=". .73/a>3spae class="comment"> */3/spae=". .83/a>#define.3a href="+code=pr_fmt" class="sref">pr_fmt3/a>(3a href="+code=fmt" class="sref">fmt3/a>).3a href="+code=KBUILD_MODNAME" class="sref">KBUILD_MODNAME3/a> 3spae class="string">": "3/spae=.3a href="+code=fmt" class="sref">fmt3/a>". .93/a>#include <linux/module.h3/a>>".   v3a>#include <linux/skbuff.h3/a>>". 11v3a>#include <linux/jhash.h3/a>>". 12v3a>#include <linux/ip.h3/a>>". 13v3a>#include <net/ipv6.h3/a>>". 143/a>". 15v3a>#include <linux/netfilter/x_tables.h3/a>>". 16v3a>#include <net/netfilter/nf_conntrack.h3/a>>". 17v3a>#include <linux/netfilter/xt_cluster.h3/a>>". 183/a>". 193/a>static.3a href="+code=inline" class="sref">inline3/a> 3a href="+code=u32" class="sref">u323/a> 3a href="+code=nf_ct_orig_ipv4_src" class="sref">nf_ct_orig_ipv4_src3/a>(const struct 3a href="+code=nf_conn" class="sref">nf_conn3/a> *3a href="+code=ct" class="sref">ct3/a>)". 2 v3a>{". 21v3a>        return (3a href="+code=__force" class="sref">__force3/a> 3a href="+code=u32" class="sref">u323/a>)3a href="+code=ct" class="sref">ct3/a>->3a href="+code=tuplehash" class="sref">tuplehash3/a>[3a href="+code=IP_CT_DIR_ORIGINAL" class="sref">IP_CT_DIR_ORIGINAL3/a>].3a href="+code=tuple" class="sref">tuple3/a>.3a href="+code=src" class="sref">src3/a>.3a href="+code=u3" class="sref">u33/a>.3a href="+code=ip" class="sref">ip3/a>;". 223/a>}". 233/a>". 243/a>static.3a href="+code=inline" class="sref">inline3/a> const 3a href="+code=u32" class="sref">u323/a> *3a href="+code=nf_ct_orig_ipv6_src" class="sref">nf_ct_orig_ipv6_src3/a>(const struct 3a href="+code=nf_conn" class="sref">nf_conn3/a> *3a href="+code=ct" class="sref">ct3/a>)". 25v3a>{". 26v3a>        return (3a href="+code=__force" class="sref">__force3/a> 3a href="+code=u32" class="sref">u323/a> *)3a href="+code=ct" class="sref">ct3/a>->3a href="+code=tuplehash" class="sref">tuplehash3/a>[3a href="+code=IP_CT_DIR_ORIGINAL" class="sref">IP_CT_DIR_ORIGINAL3/a>].3a href="+code=tuple" class="sref">tuple3/a>.3a href="+code=src" class="sref">src3/a>.3a href="+code=u3" class="sref">u33/a>.3a href="+code=ip6" class="sref">ip63/a>;". 273/a>}". 283/a>". 293/a>static.3a href="+code=inline" class="sref">inline3/a> 3a href="+code=u_int32_t" class="sref">u_int32_t3/a>". 3 v3a>3a href="+code=xt_cluster_hash_ipv4" class="sref">xt_cluster_hash_ipv43/a>(3a href="+code=u_int32_t" class="sref">u_int32_t3/a>.3a href="+code=ip" class="sref">ip3/a>, const struct 3a href="+code=xt_cluster_match_info" class="sref">xt_cluster_match_info3/a> *3a href="+code=info" class="sref">info3/a>)". 31v3a>{". 323/a>        return 3a href="+code=jhash_1word" class="sref">jhash_1word3/a>(3a href="+code=ip" class="sref">ip3/a>, 3a href="+code=info" class="sref">info3/a>->3a href="+code=hash_seed" class="sref">hash_seed3/a>);". 333/a>}". 343/a>". 353/a>static.3a href="+code=inline" class="sref">inline3/a> 3a href="+code=u_int32_t" class="sref">u_int32_t3/a>". 36v3a>3a href="+code=xt_cluster_hash_ipv6" class="sref">xt_cluster_hash_ipv63/a>(const void *3a href="+code=ip" class="sref">ip3/a>, const struct 3a href="+code=xt_cluster_match_info" class="sref">xt_cluster_match_info3/a> *3a href="+code=info" class="sref">info3/a>)". 37v3a>{". 383/a>        return 3a href="+code=jhash2" class="sref">jhash23/a>(3a href="+code=ip" class="sref">ip3/a>, 3a href="+code=NF_CT_TUPLE_L3SIZE" class="sref">NF_CT_TUPLE_L3SIZE3/a> / sizeof(3a href="+code=__u32" class="sref">__u323/a>), 3a href="+code=info" class="sref">info3/a>->3a href="+code=hash_seed" class="sref">hash_seed3/a>);". 393/a>}". 403/a>". 413/a>static.3a href="+code=inline" class="sref">inline3/a> 3a href="+code=u_int32_t" class="sref">u_int32_t3/a>". 42v3a>3a href="+code=xt_cluster_hash" class="sref">xt_cluster_hash3/a>(const struct 3a href="+code=nf_conn" class="sref">nf_conn3/a> *3a href="+code=ct" class="sref">ct3/a>,". 433/a>                const struct 3a href="+code=xt_cluster_match_info" class="sref">xt_cluster_match_info3/a> *3a href="+code=info" class="sref">info3/a>)". 44v3a>{". 453/a>        3a href="+code=u_int32_t" class="sref">u_int32_t3/a>.3a href="+code=hash" class="sref">hash3/a> = 0;". 463/a>". 473/a>        switch(3a href="+code=nf_ct_l3num" class="sref">nf_ct_l3num3/a>(3a href="+code=ct" class="sref">ct3/a>)) {". 483/a>        case.3a href="+code=AF_INET" class="sref">AF_INET3/a>:". 493/a>                3a href="+code=hash" class="sref">hash3/a> = 3a href="+code=xt_cluster_hash_ipv4" class="sref">xt_cluster_hash_ipv43/a>(3a href="+code=nf_ct_orig_ipv4_src" class="sref">nf_ct_orig_ipv4_src3/a>(3a href="+code=ct" class="sref">ct3/a>), 3a href="+code=info" class="sref">info3/a>);". 503/a>                break;". 513/a>        case.3a href="+code=AF_INET6" class="sref">AF_INET63/a>:". 523/a>                3a href="+code=hash" class="sref">hash3/a> = 3a href="+code=xt_cluster_hash_ipv6" class="sref">xt_cluster_hash_ipv63/a>(3a href="+code=nf_ct_orig_ipv6_src" class="sref">nf_ct_orig_ipv6_src3/a>(3a href="+code=ct" class="sref">ct3/a>), 3a href="+code=info" class="sref">info3/a>);". 533/a>                break;". 543/a>        default:". 553/a>                3a href="+code=WARN_ON" class="sref">WARN_ON3/a>(1);". 563/a>                break;". 573/a>        }". 583/a>        return (((3a href="+code=u64" class="sref">u643/a>)3a href="+code=hash" class="sref">hash3/a> * 3a href="+code=info" class="sref">info3/a>->3a href="+code=total_nodes" class="sref">total_nodes3/a>) >> 32);". 593/a>}". 603/a>". 613/a>static.3a href="+code=inline" class="sref">inline3/a> 3a href="+code=bool" class="sref">bool3/a>". 62v3a>3a href="+code=xt_cluster_ipv6_is_multicast" class="sref">xt_cluster_ipv6_is_multicast3/a>(const struct 3a href="+code=in6_addr" class="sref">in6_addr3/a> *3a href="+code=addr" class="sref">addr3/a>)". 63v3a>{". 643/a>        3a href="+code=__be32" class="sref">__be323/a> 3a href="+code=st" class="sref">st3/a> = 3a href="+code=addr" class="sref">addr3/a>->3a href="+code=s6_addr32" class="sref">s6_addr323/a>[0];". 653/a>        return ((3a href="+code=st" class="sref">st3/a> & 3a href="+code=htonl" class="sref">htonl3/a>(0xFF000000)) == 3a href="+code=htonl" class="sref">htonl3/a>(0xFF000000));". 663/a>}". 673/a>". 683/a>static.3a href="+code=inline" class="sref">inline3/a> 3a href="+code=bool" class="sref">bool3/a>". 69v3a>3a href="+code=xt_cluster_is_multicast_addr" class="sref">xt_cluster_is_multicast_addr3/a>(const struct 3a href="+code=sk_buff" class="sref">sk_buff3/a> *3a href="+code=skb" class="sref">skb3/a>, 3a href="+code=u_int8_t" class="sref">u_int8_t3/a>.3a href="+code=family" class="sref">family3/a>)". 7 v3a>{". 713/a>        3a href="+code=bool" class="sref">bool3/a>.3a href="+code=is_multicast" class="sref">is_multicast3/a> = 3a href="+code=false" class="sref">false3/a>;". 723/a>". 733/a>        switch(3a href="+code=family" class="sref">family3/a>) {". 743/a>        case.3a href="+code=NFPROTO_IPV4" class="sref">NFPROTO_IPV43/a>:". 753/a>                3a href="+code=is_multicast" class="sref">is_multicast3/a> = 3a href="+code=ipv4_is_multicast" class="sref">ipv4_is_multicast3/a>(3a href="+code=ip_hdr" class="sref">ip_hdr3/a>(3a href="+code=skb" class="sref">skb3/a>)->3a href="+code=daddr" class="sref">daddr3/a>);". 763/a>                break;". 773/a>        case.3a href="+code=NFPROTO_IPV6" class="sref">NFPROTO_IPV63/a>:". 783/a>                3a href="+code=is_multicast" class="sref">is_multicast3/a> =". 793/a>                        3a href="+code=xt_cluster_ipv6_is_multicast" class="sref">xt_cluster_ipv6_is_multicast3/a>(&3a href="+code=ipv6_hdr" class="sref">ipv6_hdr3/a>(3a href="+code=skb" class="sref">skb3/a>)->3a href="+code=daddr" class="sref">daddr3/a>);". 803/a>                break;". 813/a>        default:". 823/a>                3a href="+code=WARN_ON" class="sref">WARN_ON3/a>(1);". 833/a>                break;". 843/a>        }". 853/a>        return 3a href="+code=is_multicast" class="sref">is_multicast3/a>;". 863/a>}". 873/a>". 883/a>static.3a href="+code=bool" class="sref">bool3/a>". 89v3a>3a href="+code=xt_cluster_mt" class="sref">xt_cluster_mt3/a>(const struct 3a href="+code=sk_buff" class="sref">sk_buff3/a> *3a href="+code=skb" class="sref">skb3/a>, struct 3a href="+code=xt_acalue_param" class="sref">xt_acalue_param3/a> *3a href="+code=par" class="sref">par3/a>)". 9 v3a>{". 913/a>        struct 3a href="+code=sk_buff" class="sref">sk_buff3/a> *3a href="+code=pskb" class="sref">pskb3/a> = (struct 3a href="+code=sk_buff" class="sref">sk_buff3/a> *)3a href="+code=skb" class="sref">skb3/a>;". 923/a>        const struct 3a href="+code=xt_cluster_match_info" class="sref">xt_cluster_match_info3/a> *3a href="+code=info" class="sref">info3/a> = 3a href="+code=par" class="sref">par3/a>->3a href="+code=matchinfo" class="sref">matchinfo3/a>;". 933/a>        const struct 3a href="+code=nf_conn" class="sref">nf_conn3/a> *3a href="+code=ct" class="sref">ct3/a>;". 943/a>        enum 3a href="+code=ip_conntrack_info" class="sref">ip_conntrack_info3/a>.3a href="+code=calnfo" class="sref">calnfo3/a>;". 953/a>        unsigned long 3a href="+code=hash" class="sref">hash3/a>;". 963/a>". 973/a>        3spae class="comment">/* This match assumes that all nodes see the sam  packets. This cae be3/spae=". 983/a>3spae class="comment">         * achieved if the switch that connects the cluster nodes support some3/spae=". 993/a>3spae class="comment">         * sort of 'port mirroring'. However, if your switch does not support3/spae=".1003/a>3spae class="comment">         * this, your cluster nodes cae reply ARP request using a multicast MAC3/spae=".1013/a>3spae class="comment">         * address. Thus, your switch will flood the sam  packets to the3/spae=".1023/a>3spae class="comment">         * cluster nodes with the sam  multicast MAC address. Using a multicast3/spae=".1033/a>3spae class="comment">         * link address is a RFC 1812 (secalue 3.3.2) violaalue, but this works3/spae=".1043/a>3spae class="comment">         * fine.in pracalse.3/spae=".1053/a>3spae class="comment">         *3/spae=".1063/a>3spae class="comment">         * Unfortunately, if you use the multicast MAC address, the link layer3/spae=".1073/a>3spae class="comment">         * sets skbuff's pkt_typ  to PACKET_MULTICAST, which is not accepted3/spae=".1083/a>3spae class="comment">         * by TCP and others for packets coming to this node. For that reasue,3/spae=".1093/a>3spae class="comment">         * this match mangles skbuff's pkt_typ  if it detects a packet3/spae=".1103/a>3spae class="comment">         * addressed to a unicast address but using PACKET_MULTICAST. Yes, I3/spae=".1113/a>3spae class="comment">         * know, matches should not alter packets, but we are doing this here3/spae=".1123/a>3spae class="comment">         * because we would need to add a PKTTYPE target for this sol  purpose.3/spae=".1133/a>3spae class="comment">         */3/spae=".1143/a>        if (!3a href="+code=xt_cluster_is_multicast_addr" class="sref">xt_cluster_is_multicast_addr3/a>(3a href="+code=skb" class="sref">skb3/a>, 3a href="+code=par" class="sref">par3/a>->3a href="+code=family" class="sref">family3/a>) &&".1153/a>            3a href="+code=skb" class="sref">skb3/a>->3a href="+code=pkt_typ " class="sref">pkt_typ 3/a> == 3a href="+code=PACKET_MULTICAST" class="sref">PACKET_MULTICAST3/a>) {".1163/a>                3a href="+code=pskb" class="sref">pskb3/a>->3a href="+code=pkt_typ " class="sref">pkt_typ 3/a> = 3a href="+code=PACKET_HOST" class="sref">PACKET_HOST3/a>;".1173/a>        }".1183/a>".1193/a>        3a href="+code=ct" class="sref">ct3/a> = 3a href="+code=nf_ct_get" class="sref">nf_ct_get3/a>(3a href="+code=skb" class="sref">skb3/a>, &3a href="+code=calnfo" class="sref">calnfo3/a>);".1203/a>        if (3a href="+code=ct" class="sref">ct3/a> == 3a href="+code=NULL" class="sref">NULL3/a>)".121v3a>                return 3a href="+code=false" class="sref">false3/a>;".1223/a>".1233/a>        if (3a href="+code=nf_ct_is_untracked" class="sref">nf_ct_is_untracked3/a>(3a href="+code=ct" class="sref">ct3/a>))".124v3a>                return 3a href="+code=false" class="sref">false3/a>;".125v3a>".126v3a>        if (3a href="+code=ct" class="sref">ct3/a>->3a href="+code=master" class="sref">master3/a>)".1273/a>                3a href="+code=hash" class="sref">hash3/a> = 3a href="+code=xt_cluster_hash" class="sref">xt_cluster_hash3/a>(3a href="+code=ct" class="sref">ct3/a>->3a href="+code=master" class="sref">master3/a>, 3a href="+code=info" class="sref">info3/a>);".1283/a>        else".1293/a>                3a href="+code=hash" class="sref">hash3/a> = 3a href="+code=xt_cluster_hash" class="sref">xt_cluster_hash3/a>(3a href="+code=ct" class="sref">ct3/a>, 3a href="+code=info" class="sref">info3/a>);".1303/a>".131v3a>        return !!((1 << 3a href="+code=hash" class="sref">hash3/a>) & 3a href="+code=info" class="sref">info3/a>->3a href="+code=node_mask" class="sref">node_mask3/a>) ^".1323/a>               !!(3a href="+code=info" class="sref">info3/a>->3a href="+code=flags" class="sref">flags3/a> & 3a href="+code=XT_CLUSTER_F_INV" class="sref">XT_CLUSTER_F_INV3/a>);".1333/a>}".1343/a>".1353/a>static.int 3a href="+code=xt_cluster_mt_checkentry" class="sref">xt_cluster_mt_checkentry3/a>(const struct 3a href="+code=xt_mtchk_param" class="sref">xt_mtchk_param3/a> *3a href="+code=par" class="sref">par3/a>)".136v3a>{".1373/a>        struct 3a href="+code=xt_cluster_match_info" class="sref">xt_cluster_match_info3/a> *3a href="+code=info" class="sref">info3/a> = 3a href="+code=par" class="sref">par3/a>->3a href="+code=matchinfo" class="sref">matchinfo3/a>;".1383/a>".1393/a>        if (3a href="+code=info" class="sref">info3/a>->3a href="+code=total_nodes" class="sref">total_nodes3/a> > 3a href="+code=XT_CLUSTER_NODES_MAX" class="sref">XT_CLUSTER_NODES_MAX3/a>) {".1403/a>                3a href="+code=pr_info" class="sref">pr_info3/a>(3spae class="string">"you have exceeded the maximum "3/spae=".141v3a>                        3spae class="string">"number of cluster nodes (%u > %u)\n"3/spae=,".1423/a>                        3a href="+code=info" class="sref">info3/a>->3a href="+code=total_nodes" class="sref">total_nodes3/a>, 3a href="+code=XT_CLUSTER_NODES_MAX" class="sref">XT_CLUSTER_NODES_MAX3/a>);".1433/a>                return -3a href="+code=EINVAL" class="sref">EINVAL3/a>;".1443/a>        }".1453/a>        if (3a href="+code=info" class="sref">info3/a>->3a href="+code=node_mask" class="sref">node_mask3/a> >= (1ULL << 3a href="+code=info" class="sref">info3/a>->3a href="+code=total_nodes" class="sref">total_nodes3/a>)) {".1463/a>                3a href="+code=pr_info" class="sref">pr_info3/a>(3spae class="string">"this node mask caenot be "3/spae=".1473/a>                        3spae class="string">"higher thae the total number of nodes\n"3/spae=);".1483/a>                return -3a href="+code=EDOM" class="sref">EDOM3/a>;".1493/a>        }".1503/a>        return 0;".1513/a>}".1523/a>".1533/a>static.struct 3a href="+code=xt_match" class="sref">xt_match3/a>.3a href="+code=xt_cluster_match" class="sref">xt_cluster_match3/a>.3a href="+code=__read_mostly" class="sref">__read_mostly3/a> = {".1543/a>        .3a href="+code=nam " class="sref">name3/a>           = 3spae class="string">"cluster"3/spae=,".1553/a>        .3a href="+code=family" class="sref">family3/a>         = 3a href="+code=NFPROTO_UNSPEC" class="sref">NFPROTO_UNSPEC3/a>,".1563/a>        .3a href="+code=match" class="sref">match3/a>.         = 3a href="+code=xt_cluster_mt" class="sref">xt_cluster_mt3/a>,".1573/a>        .3a href="+code=checkentry" class="sref">checkentry3/a>     = 3a href="+code=xt_cluster_mt_checkentry" class="sref">xt_cluster_mt_checkentry3/a>,".1583/a>        .3a href="+code=matchsize" class="sref">matchsize3/a>      = sizeof(struct 3a href="+code=xt_cluster_match_info" class="sref">xt_cluster_match_info3/a>),".1593/a>        .3a href="+code=me" class="sref">me3/a>             = 3a href="+code=THIS_MODULE" class="sref">THIS_MODULE3/a>,".1603/a>};".1613/a>".162v3a>static.int 3a href="+code=__init" class="sref">__init3/a>.3a href="+code=xt_cluster_mt_init" class="sref">xt_cluster_mt_init3/a>(void)".163v3a>{".1643/a>        return 3a href="+code=xt_register_match" class="sref">xt_register_match3/a>(&3a href="+code=xt_cluster_match" class="sref">xt_cluster_match3/a>);".1653/a>}".1663/a>".1673/a>static.void 3a href="+code=__exit" class="sref">__exit3/a>.3a href="+code=xt_cluster_mt_fini" class="sref">xt_cluster_mt_fini3/a>(void)".1683/a>{".1693/a>        3a href="+code=xt_unregister_match" class="sref">xt_unregister_match3/a>(&3a href="+code=xt_cluster_match" class="sref">xt_cluster_match3/a>);".17 v3a>}".1713/a>".172v3a>3a href="+code=MODULE_AUTHOR" class="sref">MODULE_AUTHOR3/a>(3spae class="string">"Pablo Neira Ayuso <pablo@netfilter.org>"3/spae=);".1733/a>3a href="+code=MODULE_LICENSE" class="sref">MODULE_LICENSE3/a>(3spae class="string">"GPL"3/spae=);".1743/a>3a href="+code=MODULE_DESCRIPTION" class="sref">MODULE_DESCRIPTION3/a>(3spae class="string">"Xtables: hash-based cluster match"3/spae=);".1753/a>3a href="+code=MODULE_ALIAS" class="sref">MODULE_ALIAS3/a>(3spae class="string">"ipt_cluster"3/spae=);".176v3a>3a href="+code=MODULE_ALIAS" class="sref">MODULE_ALIAS3/a>(3spae class="string">"ip6t_cluster"3/spae=);".1773/a>3a href="+code=module_init" class="sref">module_init3/a>(3a href="+code=xt_cluster_mt_init" class="sref">xt_cluster_mt_init3/a>);".1783/a>3a href="+code=module_exit" class="sref">module_exit3/a>(3a href="+code=xt_cluster_mt_fini" class="sref">xt_cluster_mt_fini3/a>);".1793/a>
3/div=" 3/div=" 3div class="footer"> The original LXR software by the LXR community3/a>, this experimental vers8" by lxr@linux.no3/a>. 3/div="3div class="subfooter"> lxr.linux.no kindly hosted by Redpill Linpro AS3/a>, provider of Linux consulting and operaalues services since 1995. 3/div=" 3/body="3/html="