|
Packit |
7b22a4 |
/* Shared library add-on to iptables to add CLUSTERIP target support.
|
|
Packit |
7b22a4 |
* (C) 2003 by Harald Welte <laforge@gnumonks.org>
|
|
Packit |
7b22a4 |
*
|
|
Packit |
7b22a4 |
* Development of this code was funded by SuSE AG, http://www.suse.com/
|
|
Packit |
7b22a4 |
*/
|
|
Packit |
7b22a4 |
#include <stdbool.h>
|
|
Packit |
7b22a4 |
#include <stdio.h>
|
|
Packit |
7b22a4 |
#include <string.h>
|
|
Packit |
7b22a4 |
#include <stdlib.h>
|
|
Packit |
7b22a4 |
#include <getopt.h>
|
|
Packit |
7b22a4 |
#include <stddef.h>
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
#if defined(__GLIBC__) && __GLIBC__ == 2
|
|
Packit |
7b22a4 |
#include <net/ethernet.h>
|
|
Packit |
7b22a4 |
#else
|
|
Packit |
7b22a4 |
#include <linux/if_ether.h>
|
|
Packit |
7b22a4 |
#endif
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
#include <xtables.h>
|
|
Packit |
7b22a4 |
#include <linux/netfilter_ipv4/ipt_CLUSTERIP.h>
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
enum {
|
|
Packit |
7b22a4 |
O_NEW = 0,
|
|
Packit |
7b22a4 |
O_HASHMODE,
|
|
Packit |
7b22a4 |
O_CLUSTERMAC,
|
|
Packit |
7b22a4 |
O_TOTAL_NODES,
|
|
Packit |
7b22a4 |
O_LOCAL_NODE,
|
|
Packit |
7b22a4 |
O_HASH_INIT,
|
|
Packit |
7b22a4 |
F_NEW = 1 << O_NEW,
|
|
Packit |
7b22a4 |
F_HASHMODE = 1 << O_HASHMODE,
|
|
Packit |
7b22a4 |
F_CLUSTERMAC = 1 << O_CLUSTERMAC,
|
|
Packit |
7b22a4 |
F_TOTAL_NODES = 1 << O_TOTAL_NODES,
|
|
Packit |
7b22a4 |
F_LOCAL_NODE = 1 << O_LOCAL_NODE,
|
|
Packit |
7b22a4 |
F_FULL = F_NEW | F_HASHMODE | F_CLUSTERMAC |
|
|
Packit |
7b22a4 |
F_TOTAL_NODES | F_LOCAL_NODE,
|
|
Packit |
7b22a4 |
};
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
static void CLUSTERIP_help(void)
|
|
Packit |
7b22a4 |
{
|
|
Packit |
7b22a4 |
printf(
|
|
Packit |
7b22a4 |
"CLUSTERIP target options:\n"
|
|
Packit |
7b22a4 |
" --new Create a new ClusterIP\n"
|
|
Packit |
7b22a4 |
" --hashmode <mode> Specify hashing mode\n"
|
|
Packit |
7b22a4 |
" sourceip\n"
|
|
Packit |
7b22a4 |
" sourceip-sourceport\n"
|
|
Packit |
7b22a4 |
" sourceip-sourceport-destport\n"
|
|
Packit |
7b22a4 |
" --clustermac <mac> Set clusterIP MAC address\n"
|
|
Packit |
7b22a4 |
" --total-nodes <num> Set number of total nodes in cluster\n"
|
|
Packit |
7b22a4 |
" --local-node <num> Set the local node number\n"
|
|
Packit |
7b22a4 |
" --hash-init <num> Set init value of the Jenkins hash\n");
|
|
Packit |
7b22a4 |
}
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
#define s struct ipt_clusterip_tgt_info
|
|
Packit |
7b22a4 |
static const struct xt_option_entry CLUSTERIP_opts[] = {
|
|
Packit |
7b22a4 |
{.name = "new", .id = O_NEW, .type = XTTYPE_NONE},
|
|
Packit |
7b22a4 |
{.name = "hashmode", .id = O_HASHMODE, .type = XTTYPE_STRING,
|
|
Packit |
7b22a4 |
.also = O_NEW},
|
|
Packit |
7b22a4 |
{.name = "clustermac", .id = O_CLUSTERMAC, .type = XTTYPE_ETHERMAC,
|
|
Packit |
7b22a4 |
.also = O_NEW, .flags = XTOPT_PUT, XTOPT_POINTER(s, clustermac)},
|
|
Packit |
7b22a4 |
{.name = "total-nodes", .id = O_TOTAL_NODES, .type = XTTYPE_UINT16,
|
|
Packit |
7b22a4 |
.flags = XTOPT_PUT, XTOPT_POINTER(s, num_total_nodes),
|
|
Packit |
7b22a4 |
.also = O_NEW, .max = CLUSTERIP_MAX_NODES},
|
|
Packit |
7b22a4 |
{.name = "local-node", .id = O_LOCAL_NODE, .type = XTTYPE_UINT16,
|
|
Packit |
7b22a4 |
.flags = XTOPT_PUT, XTOPT_POINTER(s, local_nodes[0]),
|
|
Packit |
7b22a4 |
.also = O_NEW, .max = CLUSTERIP_MAX_NODES},
|
|
Packit |
7b22a4 |
{.name = "hash-init", .id = O_HASH_INIT, .type = XTTYPE_UINT32,
|
|
Packit |
7b22a4 |
.flags = XTOPT_PUT, XTOPT_POINTER(s, hash_initval),
|
|
Packit |
7b22a4 |
.also = O_NEW, .max = UINT_MAX},
|
|
Packit |
7b22a4 |
XTOPT_TABLEEND,
|
|
Packit |
7b22a4 |
};
|
|
Packit |
7b22a4 |
#undef s
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
static void CLUSTERIP_parse(struct xt_option_call *cb)
|
|
Packit |
7b22a4 |
{
|
|
Packit |
7b22a4 |
struct ipt_clusterip_tgt_info *cipinfo = cb->data;
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
xtables_option_parse(cb);
|
|
Packit |
7b22a4 |
switch (cb->entry->id) {
|
|
Packit |
7b22a4 |
case O_NEW:
|
|
Packit |
7b22a4 |
cipinfo->flags |= CLUSTERIP_FLAG_NEW;
|
|
Packit |
7b22a4 |
break;
|
|
Packit |
7b22a4 |
case O_HASHMODE:
|
|
Packit |
7b22a4 |
if (strcmp(cb->arg, "sourceip") == 0)
|
|
Packit |
7b22a4 |
cipinfo->hash_mode = CLUSTERIP_HASHMODE_SIP;
|
|
Packit |
7b22a4 |
else if (strcmp(cb->arg, "sourceip-sourceport") == 0)
|
|
Packit |
7b22a4 |
cipinfo->hash_mode = CLUSTERIP_HASHMODE_SIP_SPT;
|
|
Packit |
7b22a4 |
else if (strcmp(cb->arg, "sourceip-sourceport-destport") == 0)
|
|
Packit |
7b22a4 |
cipinfo->hash_mode = CLUSTERIP_HASHMODE_SIP_SPT_DPT;
|
|
Packit |
7b22a4 |
else
|
|
Packit |
7b22a4 |
xtables_error(PARAMETER_PROBLEM, "Unknown hashmode \"%s\"\n",
|
|
Packit |
7b22a4 |
cb->arg);
|
|
Packit |
7b22a4 |
break;
|
|
Packit |
7b22a4 |
case O_CLUSTERMAC:
|
|
Packit |
7b22a4 |
if (!(cipinfo->clustermac[0] & 0x01))
|
|
Packit |
7b22a4 |
xtables_error(PARAMETER_PROBLEM, "MAC has to be a multicast ethernet address\n");
|
|
Packit |
7b22a4 |
break;
|
|
Packit |
7b22a4 |
case O_LOCAL_NODE:
|
|
Packit |
7b22a4 |
cipinfo->num_local_nodes = 1;
|
|
Packit |
7b22a4 |
break;
|
|
Packit |
7b22a4 |
}
|
|
Packit |
7b22a4 |
}
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
static void CLUSTERIP_check(struct xt_fcheck_call *cb)
|
|
Packit |
7b22a4 |
{
|
|
Packit |
7b22a4 |
if (cb->xflags == 0)
|
|
Packit |
7b22a4 |
return;
|
|
Packit |
7b22a4 |
if ((cb->xflags & F_FULL) == F_FULL)
|
|
Packit |
7b22a4 |
return;
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
xtables_error(PARAMETER_PROBLEM, "CLUSTERIP target: Invalid parameter combination\n");
|
|
Packit |
7b22a4 |
}
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
static const char *hashmode2str(enum clusterip_hashmode mode)
|
|
Packit |
7b22a4 |
{
|
|
Packit |
7b22a4 |
const char *retstr;
|
|
Packit |
7b22a4 |
switch (mode) {
|
|
Packit |
7b22a4 |
case CLUSTERIP_HASHMODE_SIP:
|
|
Packit |
7b22a4 |
retstr = "sourceip";
|
|
Packit |
7b22a4 |
break;
|
|
Packit |
7b22a4 |
case CLUSTERIP_HASHMODE_SIP_SPT:
|
|
Packit |
7b22a4 |
retstr = "sourceip-sourceport";
|
|
Packit |
7b22a4 |
break;
|
|
Packit |
7b22a4 |
case CLUSTERIP_HASHMODE_SIP_SPT_DPT:
|
|
Packit |
7b22a4 |
retstr = "sourceip-sourceport-destport";
|
|
Packit |
7b22a4 |
break;
|
|
Packit |
7b22a4 |
default:
|
|
Packit |
7b22a4 |
retstr = "unknown-error";
|
|
Packit |
7b22a4 |
break;
|
|
Packit |
7b22a4 |
}
|
|
Packit |
7b22a4 |
return retstr;
|
|
Packit |
7b22a4 |
}
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
static const char *mac2str(const uint8_t mac[ETH_ALEN])
|
|
Packit |
7b22a4 |
{
|
|
Packit |
7b22a4 |
static char buf[ETH_ALEN*3];
|
|
Packit |
7b22a4 |
sprintf(buf, "%02X:%02X:%02X:%02X:%02X:%02X",
|
|
Packit |
7b22a4 |
mac[0], mac[1], mac[2], mac[3], mac[4], mac[5]);
|
|
Packit |
7b22a4 |
return buf;
|
|
Packit |
7b22a4 |
}
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
static void CLUSTERIP_print(const void *ip,
|
|
Packit |
7b22a4 |
const struct xt_entry_target *target, int numeric)
|
|
Packit |
7b22a4 |
{
|
|
Packit |
7b22a4 |
const struct ipt_clusterip_tgt_info *cipinfo =
|
|
Packit |
7b22a4 |
(const struct ipt_clusterip_tgt_info *)target->data;
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
if (!(cipinfo->flags & CLUSTERIP_FLAG_NEW)) {
|
|
Packit |
7b22a4 |
printf(" CLUSTERIP");
|
|
Packit |
7b22a4 |
return;
|
|
Packit |
7b22a4 |
}
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
printf(" CLUSTERIP hashmode=%s clustermac=%s total_nodes=%u local_node=%u hash_init=%u",
|
|
Packit |
7b22a4 |
hashmode2str(cipinfo->hash_mode),
|
|
Packit |
7b22a4 |
mac2str(cipinfo->clustermac),
|
|
Packit |
7b22a4 |
cipinfo->num_total_nodes,
|
|
Packit |
7b22a4 |
cipinfo->local_nodes[0],
|
|
Packit |
7b22a4 |
cipinfo->hash_initval);
|
|
Packit |
7b22a4 |
}
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
static void CLUSTERIP_save(const void *ip, const struct xt_entry_target *target)
|
|
Packit |
7b22a4 |
{
|
|
Packit |
7b22a4 |
const struct ipt_clusterip_tgt_info *cipinfo =
|
|
Packit |
7b22a4 |
(const struct ipt_clusterip_tgt_info *)target->data;
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
/* if this is not a new entry, we don't need to save target
|
|
Packit |
7b22a4 |
* parameters */
|
|
Packit |
7b22a4 |
if (!(cipinfo->flags & CLUSTERIP_FLAG_NEW))
|
|
Packit |
7b22a4 |
return;
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
printf(" --new --hashmode %s --clustermac %s --total-nodes %d --local-node %d --hash-init %u",
|
|
Packit |
7b22a4 |
hashmode2str(cipinfo->hash_mode),
|
|
Packit |
7b22a4 |
mac2str(cipinfo->clustermac),
|
|
Packit |
7b22a4 |
cipinfo->num_total_nodes,
|
|
Packit |
7b22a4 |
cipinfo->local_nodes[0],
|
|
Packit |
7b22a4 |
cipinfo->hash_initval);
|
|
Packit |
7b22a4 |
}
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
static struct xtables_target clusterip_tg_reg = {
|
|
Packit |
7b22a4 |
.name = "CLUSTERIP",
|
|
Packit |
7b22a4 |
.version = XTABLES_VERSION,
|
|
Packit |
7b22a4 |
.family = NFPROTO_IPV4,
|
|
Packit |
7b22a4 |
.size = XT_ALIGN(sizeof(struct ipt_clusterip_tgt_info)),
|
|
Packit |
7b22a4 |
.userspacesize = offsetof(struct ipt_clusterip_tgt_info, config),
|
|
Packit |
7b22a4 |
.help = CLUSTERIP_help,
|
|
Packit |
7b22a4 |
.x6_parse = CLUSTERIP_parse,
|
|
Packit |
7b22a4 |
.x6_fcheck = CLUSTERIP_check,
|
|
Packit |
7b22a4 |
.print = CLUSTERIP_print,
|
|
Packit |
7b22a4 |
.save = CLUSTERIP_save,
|
|
Packit |
7b22a4 |
.x6_options = CLUSTERIP_opts,
|
|
Packit |
7b22a4 |
};
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
void _init(void)
|
|
Packit |
7b22a4 |
{
|
|
Packit |
7b22a4 |
xtables_register_target(&clusterip_tg_reg);
|
|
Packit |
7b22a4 |
}
|