| author | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org </C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org> | 2007-06-04 15:19:42 +0000 | 
|---|---|---|
| committer | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org </C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org> | 2007-06-04 15:19:42 +0000 | 
| commit | cea33148e4ccf108f587e5796c026600aba35ab1 (patch) | |
| tree | ff11c9044574357b1ae23fbcacc5155382aaa632 | |
| parent | 3b08bd18d5f0364c8dfa6f2b974799919482d512 (diff) | |
| download | conntrack-tools-cea33148e4ccf108f587e5796c026600aba35ab1.tar.gz conntrack-tools-cea33148e4ccf108f587e5796c026600aba35ab1.zip  | |
o remove useless backlog parameter in multicast sockets
o remove reminiscents of delay destroy message and relax transitions
o remove confusing StripNAT parameter: NAT support enabled by default
o relax event tracking: *_update callbacks use cache_update_force
o use wraparound-aware functions after/before/between
o lots of cleanups
| -rw-r--r-- | ChangeLog | 6 | ||||
| -rw-r--r-- | configure.in | 2 | ||||
| -rw-r--r-- | examples/sync/nack/node1/conntrackd.conf | 6 | ||||
| -rw-r--r-- | examples/sync/nack/node2/conntrackd.conf | 6 | ||||
| -rw-r--r-- | examples/sync/persistent/node1/conntrackd.conf | 6 | ||||
| -rw-r--r-- | examples/sync/persistent/node2/conntrackd.conf | 6 | ||||
| -rw-r--r-- | include/conntrackd.h | 17 | ||||
| -rw-r--r-- | include/mcast.h | 1 | ||||
| -rw-r--r-- | include/network.h | 19 | ||||
| -rw-r--r-- | include/sync.h | 8 | ||||
| -rw-r--r-- | src/cache_iterators.c | 3 | ||||
| -rw-r--r-- | src/netlink.c | 6 | ||||
| -rw-r--r-- | src/network.c | 27 | ||||
| -rw-r--r-- | src/read_config_yy.y | 12 | ||||
| -rw-r--r-- | src/stats-mode.c | 20 | ||||
| -rw-r--r-- | src/sync-mode.c | 104 | ||||
| -rw-r--r-- | src/sync-nack.c | 27 | ||||
| -rw-r--r-- | src/sync-notrack.c | 44 | 
18 files changed, 122 insertions, 198 deletions
@@ -5,6 +5,12 @@ version 0.9.4 (yet unreleased)
 o simplify checksum code: use UDP/multicast checksum facilities
 o fix silly bug in build_network_message: out of bound memset
 o fix error message in configure.in (Eric Leblond)
+o remove useless backlog parameter in multicast sockets
+o remove reminiscents of delay destroy message and relax transitions
+o remove confusing StripNAT parameter: NAT support enabled by default
+o relax event tracking: *_update callbacks use cache_update_force
+o use wraparound-aware functions after/before/between
+o lots of cleanups
 = conntrack =
 o fix segfault with conntrack --output (Krzysztof Oledzky)
diff --git a/configure.in b/configure.in
index 7a1445d..37e7a9c 100644
--- a/configure.in
+++ b/configure.in
@@ -1,4 +1,4 @@
-AC_INIT(conntrack-tools, 0.9.3, pablo@netfilter.org)
+AC_INIT(conntrack-tools, 0.9.4, pablo@netfilter.org)
 AC_CANONICAL_SYSTEM
diff --git a/examples/sync/nack/node1/conntrackd.conf b/examples/sync/nack/node1/conntrackd.conf
index f24fa7e..edec9cf 100644
--- a/examples/sync/nack/node1/conntrackd.conf
+++ b/examples/sync/nack/node1/conntrackd.conf
@@ -33,7 +33,6 @@ Sync {
 		IPv4_address 225.0.0.50
 		IPv4_interface 192.168.100.100 # IP of dedicated link
 		Group 3780
-		Backlog 20
 	}
 	# Enable/Disable message checksumming
@@ -118,8 +117,3 @@ IgnoreProtocol {
 	VRRP
 	# numeric numbers also valid
 }
-
-#
-# Strip NAT traffic
-#
-StripNAT
diff --git a/examples/sync/nack/node2/conntrackd.conf b/examples/sync/nack/node2/conntrackd.conf
index 4f15773..de5f4d2 100644
--- a/examples/sync/nack/node2/conntrackd.conf
+++ b/examples/sync/nack/node2/conntrackd.conf
@@ -32,7 +32,6 @@ Sync {
 		IPv4_address 225.0.0.50
 		IPv4_interface 192.168.100.200 # IP of dedicated link
 		Group 3780
-		Backlog 20
 	}
 	# Enable/Disable message checksumming
@@ -117,8 +116,3 @@ IgnoreProtocol {
 	VRRP
 	# numeric numbers also valid
 }
-
-#
-# Strip NAT traffic
-#
-StripNAT
diff --git a/examples/sync/persistent/node1/conntrackd.conf b/examples/sync/persistent/node1/conntrackd.conf
index 90afeb7..60f264b 100644
--- a/examples/sync/persistent/node1/conntrackd.conf
+++ b/examples/sync/persistent/node1/conntrackd.conf
@@ -38,7 +38,6 @@ Sync {
 		IPv4_address 225.0.0.50
 		IPv4_interface 192.168.100.100 # IP of dedicated link
 		Group 3780
-		Backlog 20
 	}
 	# Enable/Disable message checksumming
@@ -123,8 +122,3 @@ IgnoreProtocol {
 	VRRP
 	# numeric numbers also valid
 }
-
-#
-# Strip NAT traffic
-#
-StripNAT
diff --git a/examples/sync/persistent/node2/conntrackd.conf b/examples/sync/persistent/node2/conntrackd.conf
index aee4a29..6a1806b 100644
--- a/examples/sync/persistent/node2/conntrackd.conf
+++ b/examples/sync/persistent/node2/conntrackd.conf
@@ -38,7 +38,6 @@ Sync {
 		IPv4_address 225.0.0.50
 		IPv4_interface 192.168.100.200 # IP of dedicated link
 		Group 3780
-		Backlog 20
 	}
 	# Enable/Disable message checksumming
@@ -123,8 +122,3 @@ IgnoreProtocol {
 	VRRP
 	# numeric numbers also valid
 }
-
-#
-# Strip NAT traffic
-#
-StripNAT
diff --git a/include/conntrackd.h b/include/conntrackd.h
index 76b9747..a620400 100644
--- a/include/conntrackd.h
+++ b/include/conntrackd.h
@@ -30,22 +30,13 @@
 #define DEFAULT_LOCKFILE	"/var/lock/conntrackd.lock"
 enum {
-	STRIP_NAT_BIT = 0,
-	STRIP_NAT = (1 << STRIP_NAT_BIT),
-
-	DELAY_DESTROY_MSG_BIT = 1,
-	DELAY_DESTROY_MSG = (1 << DELAY_DESTROY_MSG_BIT),
-
-	RELAX_TRANSITIONS_BIT = 2,
-	RELAX_TRANSITIONS = (1 << RELAX_TRANSITIONS_BIT),
-
-	SYNC_MODE_PERSISTENT_BIT = 3,
+	SYNC_MODE_PERSISTENT_BIT = 0,
 	SYNC_MODE_PERSISTENT = (1 << SYNC_MODE_PERSISTENT_BIT),
-	SYNC_MODE_NACK_BIT = 4,
+	SYNC_MODE_NACK_BIT = 1,
 	SYNC_MODE_NACK = (1 << SYNC_MODE_NACK_BIT),
-	DONT_CHECKSUM_BIT = 5,
+	DONT_CHECKSUM_BIT = 2,
 	DONT_CHECKSUM = (1 << DONT_CHECKSUM_BIT),
 };
@@ -122,7 +113,7 @@ struct ct_sync_state {
 	struct mcast_sock *mcast_server;  /* multicast socket: incoming */
 	struct mcast_sock *mcast_client;  /* multicast socket: outgoing  */
-	struct sync_mode *mcast_sync;
+	struct sync_mode *sync;		/* sync mode */
 	struct buffer *buffer;
 	u_int32_t last_seq_sent;	/* last sequence number sent */
diff --git a/include/mcast.h b/include/mcast.h
index be1d0cd..66676dc 100644
--- a/include/mcast.h
+++ b/include/mcast.h
@@ -5,7 +5,6 @@
 struct mcast_conf {
 	int ipproto;
-	int backlog;
 	int reuseaddr;
 	int checksum;
 	unsigned short port;
diff --git a/include/network.h b/include/network.h
index 176274e..5ba808a 100644
--- a/include/network.h
+++ b/include/network.h
@@ -30,4 +30,23 @@ enum {
 	NET_ACK = (1 << NET_ACK_BIT),
 };
+/* extracted from net/tcp.h */
+
+/*
+ * The next routines deal with comparing 32 bit unsigned ints
+ * and worry about wraparound (automatic with unsigned arithmetic).
+ */
+
+static inline int before(__u32 seq1, __u32 seq2)
+{
+	return (__s32)(seq1-seq2) < 0;
+}
+#define after(seq2, seq1)       before(seq1, seq2)
+
+/* is s2<=s1<=s3 ? */
+static inline int between(__u32 seq1, __u32 seq2, __u32 seq3)
+{
+	return seq3 - seq2 >= seq1 - seq2;
+}
+
 #endif
diff --git a/include/sync.h b/include/sync.h
index d8f1bca..72f6313 100644
--- a/include/sync.h
+++ b/include/sync.h
@@ -13,10 +13,10 @@ struct sync_mode {
 	int  (*init)(void);
 	void (*kill)(void);
 	int  (*local)(int fd, int type, void *data);
-	int  (*pre_recv)(const struct nlnetwork *net);
-	void (*post_send)(int type,
-			  const struct nlnetwork *net,
-			  struct us_conntrack *u);
+	int  (*recv)(const struct nlnetwork *net); /* recv callback */
+	void (*send)(int type,			   /* send callback */
+		     const struct nlnetwork *net,
+		     struct us_conntrack *u);
 };
 extern struct sync_mode notrack;
diff --git a/src/cache_iterators.c b/src/cache_iterators.c
index 1c03fef..fd6694a 100644
--- a/src/cache_iterators.c
+++ b/src/cache_iterators.c
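Review bot: between() in include/network.h is true for almost every seq1 when seq3 lies before seq2, because `seq3 - seq2` wraps to a large unsigned value. The comparisons it replaces in src/sync-nack.c (buffer_compare, buffer_remove, queue_resend, queue_empty) matched nothing for such a reversed range. The from/to values there appear to be taken from a received NACK/ACK message, so a malformed range would now select most of the buffer or queue for resend or removal. Reject ranges where `after(from, to)` holds before calling between(), and state the precondition in the comment, e.g. `/* is s2<=s1<=s3 ? caller must ensure s2 does not come after s3 */`.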
@@ -219,7 +219,8 @@ static int do_bulk(void *data1, void *data2)
 		debug_ct(u->ct, "failed to build");
 	mcast_send_netmsg(STATE_SYNC(mcast_client), net);
-	STATE_SYNC(mcast_sync)->post_send(NFCT_T_UPDATE, net, u);
+	if (STATE_SYNC(sync)->send)
+		STATE_SYNC(sync)->send(NFCT_T_UPDATE, net, u);
 	/* keep iterating even if we have found errors */
 	return 0;
diff --git a/src/netlink.c b/src/netlink.c
index b1f9fd7..5f7cbeb 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -32,15 +32,13 @@ int ignore_conntrack(struct nf_conntrack *ct)
 		return 1;
 	/* Accept DNAT'ed traffic: not really coming to the local machine */
-	if ((CONFIG(flags) & STRIP_NAT) && 
-	    nfct_getobjopt(ct, NFCT_GOPT_IS_DNAT)) {
+	if (nfct_getobjopt(ct, NFCT_GOPT_IS_DNAT)) {
 		debug_ct(ct, "DNAT");
 		return 0;
 	}
         /* Accept SNAT'ed traffic: not really coming to the local machine */
-	if ((CONFIG(flags) & STRIP_NAT) && 
-	    nfct_getobjopt(ct, NFCT_GOPT_IS_SNAT)) {
+	if (nfct_getobjopt(ct, NFCT_GOPT_IS_SNAT)) {
 		debug_ct(ct, "SNAT");
 		return 0;
 	}
diff --git a/src/network.c b/src/network.c
index abd30fe..a7ce740 100644
--- a/src/network.c
+++ b/src/network.c
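Review bot: In do_bulk (src/cache_iterators.c) a build failure is only logged with `debug_ct(u->ct, "failed to build")`, and `net` is still handed to mcast_send_netmsg() and to the new `send` callback. The failing condition sits above the hunk, so this is inferred from the visible lines. If the buffer can be incomplete at that point, skip the send, e.g. `{ debug_ct(u->ct, "failed to build"); return 0; }`. refresher() in src/sync-notrack.c has the same gap: `size` is assigned from build_network_msg() and never checked before `__net` is sent.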
@@ -205,33 +205,16 @@ int mcast_track_seq(u_int32_t seq, u_int32_t *exp_seq)
 		goto out;
 	/* out of sequence: some messages got lost */
-	if (seq > STATE_SYNC(last_seq_recv)+1) {
+	if (after(seq, STATE_SYNC(last_seq_recv)+1)) {
 		STATE_SYNC(packets_lost) += seq-STATE_SYNC(last_seq_recv)+1;
 		ret = 0;
 		goto out;
 	}
-	/* out of sequence: replayed or sequence wrapped around issues */
-	if (seq < STATE_SYNC(last_seq_recv)+1) {
-		/* 
-		 * Check if the sequence has wrapped around.
-		 * Perhaps it can be a replayed packet.
-		 */
-		if (STATE_SYNC(last_seq_recv)+1-seq > ~0U/2) {
-			/* 
-			 * Indeed, it is a wrapped around
-			 */
-			STATE_SYNC(packets_lost) += 
-				~0U-STATE_SYNC(last_seq_recv)+1+seq;
-		} else {
-			/*
-			 * It is a delayed packet
-			 */
-			dlog(STATE(log), "delayed packet? exp=%u rcv=%u",
-					 STATE_SYNC(last_seq_recv)+1, seq);
-		}
-		ret = 0;
-	}
+	/* out of sequence: replayed/delayed packet? */
+	if (before(seq, STATE_SYNC(last_seq_recv)+1))
+		dlog(STATE(log), "delayed packet? exp=%u rcv=%u",
+				 STATE_SYNC(last_seq_recv)+1, seq);
 out:
 	*exp_seq = STATE_SYNC(last_seq_recv)+1;
diff --git a/src/read_config_yy.y b/src/read_config_yy.y
index 988b540..57250b4 100644
--- a/src/read_config_yy.y
+++ b/src/read_config_yy.y
@@ -84,7 +84,8 @@ lock : T_LOCK T_PATH_VAL
 strip_nat: T_STRIP_NAT
 {
-	conf.flags |= STRIP_NAT;
+	fprintf(stderr, "Notice: StripNAT clause is obsolete. "
+			"Please, remove it from conntrackd.conf\n");
 };
 refreshtime : T_REFRESH T_NUMBER
@@ -228,7 +229,8 @@ multicast_option : T_IPV6_IFACE T_IP
 multicast_option : T_BACKLOG T_NUMBER
 {
-	conf.mcast.backlog = $2;
+	fprintf(stderr, "Notice: Backlog option inside Multicast clause is "
+			"obsolete. Please, remove it from conntrackd.conf.\n");
 };
 multicast_option : T_GROUP T_NUMBER
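Review bot: The replayed/delayed branch of mcast_track_seq (src/network.c) no longer sets `ret = 0`, so unless ret is cleared somewhere outside the hunk, an old sequence number is now reported to the caller like the expected one and is only logged. If dropping the verdict was not intended, keep it with braces: `if (before(seq, STATE_SYNC(last_seq_recv)+1)) { dlog(...); ret = 0; }`. Separately, `seq-STATE_SYNC(last_seq_recv)+1` counts two more than the gap; `seq - (STATE_SYNC(last_seq_recv)+1)` is the number of missing messages. The function starts and ends outside the hunk.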
@@ -354,12 +356,14 @@ window_size: T_WINDOWSIZE T_NUMBER
 relax_transitions: T_RELAX_TRANSITIONS
 {
-	conf.flags |= RELAX_TRANSITIONS;
+	fprintf(stderr, "Notice: RelaxTransitions clause is obsolete. "
+			"Please, remove it from conntrackd.conf\n");
 };
 delay_destroy_msgs: T_DELAY
 {
-	conf.flags |= DELAY_DESTROY_MSG;
+	fprintf(stderr, "Notice: DelayDestroyMessages clause is obsolete. "
+			"Please, remove it from conntrackd.conf\n");
 };
 listen_to: T_LISTEN_TO T_IP
diff --git a/src/stats-mode.c b/src/stats-mode.c
index 22474e2..f65fbdb 100644
--- a/src/stats-mode.c
+++ b/src/stats-mode.c
@@ -139,7 +139,6 @@ static void overrun_stats()
 static void event_new_stats(struct nf_conntrack *ct, struct nlmsghdr *nlh)
 {
-	debug_ct(ct, "debug event");
 	if (cache_add(STATE_STATS(cache), ct)) {
 		debug_ct(ct, "cache new");
 	} else {
@@ -151,22 +150,9 @@ static void event_new_stats(struct nf_conntrack *ct, struct nlmsghdr *nlh)
 static void event_update_stats(struct nf_conntrack *ct, struct nlmsghdr *nlh)
 {
-	debug_ct(ct, "update");
-
-	if (!cache_update(STATE_STATS(cache), ct)) {
-		/*
-		 * Perhaps we are losing events. If we are working 
-		 * in relax mode then add a new entry to the cache.
-		 *
-		 * FIXME: relax transitions not implemented yet
-		 */
-		if ((CONFIG(flags) & RELAX_TRANSITIONS)
-		    && cache_add(STATE_STATS(cache), ct)) {
-			debug_ct(ct, "forcing cache update");
-		} else {
-			debug_ct(ct, "can't update");
-			return;
-		}
+	if (!cache_update_force(STATE_STATS(cache), ct)) {
+		debug_ct(ct, "can't update");
+		return;
 	}
 	debug_ct(ct, "update");
 }
diff --git a/src/sync-mode.c b/src/sync-mode.c
index d7bee9d..cb95392 100644
--- a/src/sync-mode.c
+++ b/src/sync-mode.c
@@ -32,26 +32,25 @@
 static void mcast_handler()
 {
 	int ret;
-	char buf[4096], tmp[256];
-	struct mcast_sock *m = STATE_SYNC(mcast_server);
-	unsigned int type;
-	struct nlnetwork *net = (struct nlnetwork *) buf;
-	unsigned int size = sizeof(struct nlnetwork);
-	struct nlmsghdr *nlh = (struct nlmsghdr *) (buf + size);
-	struct nf_conntrack *ct = (struct nf_conntrack *) tmp;
+	unsigned int type, size = sizeof(struct nlnetwork);
+	char __net[4096];
+	struct nlnetwork *net = (struct nlnetwork *) __net;
+	struct nlmsghdr *nlh = (struct nlmsghdr *) (__net + size);
+	char __ct[nfct_maxsize()];
+	struct nf_conntrack *ct = (struct nf_conntrack *) __ct;
 	struct us_conntrack *u = NULL;
-	memset(tmp, 0, sizeof(tmp));
-
-	ret = mcast_recv_netmsg(m, buf, sizeof(buf));
+	ret = mcast_recv_netmsg(STATE_SYNC(mcast_server), net, sizeof(__net));
 	if (ret <= 0) {
 		STATE(malformed)++;
 		return;
 	}
-	if (STATE_SYNC(mcast_sync)->pre_recv(net))
+	if (STATE_SYNC(sync)->recv(net))
 		return;
+	memset(ct, 0, sizeof(__ct));
+
 	if ((type = parse_network_msg(ct, nlh)) == NFCT_T_ERROR) {
 		STATE(malformed)++;
 		return;
@@ -111,19 +110,19 @@ static int init_sync(void)
 	memset(state.sync, 0, sizeof(struct ct_sync_state));
 	if (CONFIG(flags) & SYNC_MODE_NACK)
-		STATE_SYNC(mcast_sync) = &nack;
+		STATE_SYNC(sync) = &nack;
 	else
 		/* default to persistent mode */
-		STATE_SYNC(mcast_sync) = ¬rack;
+		STATE_SYNC(sync) = ¬rack;
-	if (STATE_SYNC(mcast_sync)->init)
-		STATE_SYNC(mcast_sync)->init();
+	if (STATE_SYNC(sync)->init)
+		STATE_SYNC(sync)->init();
 	STATE_SYNC(internal) =
 		cache_create("internal", 
-			     STATE_SYNC(mcast_sync)->internal_cache_flags,
+			     STATE_SYNC(sync)->internal_cache_flags,
 			     CONFIG(family),
-			     STATE_SYNC(mcast_sync)->internal_cache_extra);
+			     STATE_SYNC(sync)->internal_cache_extra);
 	if (!STATE_SYNC(internal)) {
 		dlog(STATE(log), "[FAIL] can't allocate memory for "
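Review bot: In mcast_handler only `ret <= 0` is rejected after mcast_recv_netmsg(), so a datagram shorter than `size + sizeof(struct nlmsghdr)` still reaches `parse_network_msg(ct, nlh)` with nlh pointing into the unwritten part of `__net`. Unless mcast_recv_netmsg() or the recv callback enforces a minimum length (neither is visible here), add `if (ret < (int)(size + sizeof(struct nlmsghdr))) { STATE(malformed)++; return; }` before parsing, and compare `nlh->nlmsg_len` with `ret - size`. `char __ct[nfct_maxsize()]` is a variable-length array sized by a library call, and `__net`/`__ct` are identifiers reserved for the implementation; plain names and a checked allocation would be safer. The function body continues past the hunk.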
@@ -133,7 +132,7 @@ static int init_sync(void)
 	STATE_SYNC(external) = 
 		cache_create("external",
-			     STATE_SYNC(mcast_sync)->external_cache_flags,
+			     STATE_SYNC(sync)->external_cache_flags,
 			     CONFIG(family),
 			     NULL);
@@ -192,8 +191,8 @@ static void kill_sync()
 	destroy_alarm_thread();
-	if (STATE_SYNC(mcast_sync)->kill)
-		STATE_SYNC(mcast_sync)->kill();
+	if (STATE_SYNC(sync)->kill)
+		STATE_SYNC(sync)->kill();
 }
 static dump_stats_sync(int fd)
@@ -253,8 +252,8 @@ static int local_handler_sync(int fd, int type, void *data)
 		cache_bulk(STATE_SYNC(internal));
 		break;
 	default:
-		if (STATE_SYNC(mcast_sync)->local)
-			ret = STATE_SYNC(mcast_sync)->local(fd, type, data);
+		if (STATE_SYNC(sync)->local)
+			ret = STATE_SYNC(sync)->local(fd, type, data);
 		break;
 	}
@@ -280,17 +279,18 @@ static void mcast_send_sync(struct nlmsghdr *nlh,
 			    struct nf_conntrack *ct,
 			    int type)
 {
-	char buf[4096];
-	struct nlnetwork *net = (struct nlnetwork *) buf;
+	char __net[4096];
+	struct nlnetwork *net = (struct nlnetwork *) __net;
-	memset(buf, 0, sizeof(buf));
+	memset(__net, 0, sizeof(__net));
 	if (!state_helper_verdict(type, ct))
 		return;
-	memcpy(buf + sizeof(struct nlnetwork), nlh, nlh->nlmsg_len);
-	mcast_send_netmsg(STATE_SYNC(mcast_client), net); 
-	STATE_SYNC(mcast_sync)->post_send(type, net, u);
+	memcpy(__net + sizeof(struct nlnetwork), nlh, nlh->nlmsg_len);
+	mcast_send_netmsg(STATE_SYNC(mcast_client), net);
+	if (STATE_SYNC(sync)->send)
+		STATE_SYNC(sync)->send(type, net, u);
 }
 static int overrun_cb(enum nf_conntrack_msg_type type,
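Review bot: In mcast_send_sync, `memcpy(__net + sizeof(struct nlnetwork), nlh, nlh->nlmsg_len)` writes into a 4096-byte stack buffer without comparing nlmsg_len with the room left after the header. overrun_cb and overrun_purge_step now build their message in a 4096-byte `__nlh`, so the source buffer can be larger than the space available here. Add `if (nlh->nlmsg_len > sizeof(__net) - sizeof(struct nlnetwork)) return;` with a log line before the copy. The function's signature starts above the hunk.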
@@ -313,18 +313,16 @@ static int overrun_cb(enum nf_conntrack_msg_type type,
 	if (!cache_test(STATE_SYNC(internal), ct)) {
 		if ((u = cache_update_force(STATE_SYNC(internal), ct))) {
 			int ret;
-			char buf[4096];
-			struct nlnetwork *net = (struct nlnetwork *) buf;
-			unsigned int size = sizeof(struct nlnetwork);
-			struct nlmsghdr *nlh = (struct nlmsghdr *) (buf + size);
+			char __nlh[4096];
+			struct nlmsghdr *nlh = (struct nlmsghdr *) __nlh;
 			debug_ct(u->ct, "overrun resync");
-			ret = build_network_msg(NFCT_Q_UPDATE,
-						STATE(subsys_dump),
-						u->ct,
-						buf,
-						sizeof(buf));
+			ret = nfct_build_query(STATE(subsys_dump),
+					       NFCT_Q_UPDATE,
+					       u->ct,
+					       __nlh,
+					       sizeof(__nlh));
 			if (ret == -1) {
 				dlog(STATE(log), "can't build overrun");
@@ -346,18 +344,16 @@ static int overrun_purge_step(void *data1, void *data2)
 	ret = nfct_query(h, NFCT_Q_GET, u->ct);
 	if (ret == -1 && errno == ENOENT) {
-		char buf[4096];
-		struct nlnetwork *net = (struct nlnetwork *) buf;
-		unsigned int size = sizeof(struct nlnetwork);
-		struct nlmsghdr *nlh = (struct nlmsghdr *) (buf + size);
+		char __nlh[4096];
+		struct nlmsghdr *nlh = (struct nlmsghdr *) (__nlh);
 		debug_ct(u->ct, "overrun purge resync");
-
-		ret = build_network_msg(NFCT_Q_DESTROY,
-					STATE(subsys_dump),
-					u->ct,
-					buf,
-					sizeof(buf));
+	
+		ret = nfct_build_query(STATE(subsys_dump),
+				       NFCT_Q_DESTROY,
+				       u->ct,
+				       __nlh,
+				       sizeof(__nlh));
 		if (ret == -1)
 			dlog(STATE(log), "failed to build network message");
@@ -411,18 +407,6 @@ retry:
 		debug_ct(u->ct, "internal new");
 	} else {
 		if (errno == EEXIST) {
-			char buf[4096];
-			unsigned int size = sizeof(struct nlnetwork);
-			struct nlmsghdr *nlh = (struct nlmsghdr *) (buf + size);
-
-			int ret = build_network_msg(NFCT_Q_DESTROY,
-						    STATE(subsys_event),
-						    ct,
-						    buf,
-						    sizeof(buf));
-			if (ret == -1)
-				return;
-
 			cache_del(STATE_SYNC(internal), ct);
 			mcast_send_sync(nlh, NULL, ct, NFCT_T_DESTROY);
 			goto retry;
@@ -440,7 +424,7 @@ static void event_update_sync(struct nf_conntrack *ct, struct nlmsghdr *nlh)
 	nfct_attr_unset(ct, ATTR_TIMEOUT);
-	if ((u = cache_update(STATE_SYNC(internal), ct)) == NULL) {
+	if ((u = cache_update_force(STATE_SYNC(internal), ct)) == NULL) {
 		debug_ct(ct, "can't update");
 		return;
 	}
diff --git a/src/sync-nack.c b/src/sync-nack.c
index 73f6dc2..e435b09 100644
--- a/src/sync-nack.c
+++ b/src/sync-nack.c
@@ -136,7 +136,7 @@ static int buffer_compare(void *data1, void *data2)
 	unsigned old_seq = ntohl(net->seq);
-	if (ntohl(net->seq) >= nack->from && ntohl(net->seq) <= nack->to) {
+	if (between(ntohl(net->seq), nack->from, nack->to)) {
 		if (mcast_resend_netmsg(STATE_SYNC(mcast_client), net))
 			dp("resend destroy (old seq=%u) (seq=%u)\n", 
 			   old_seq, ntohl(net->seq));
@@ -149,7 +149,7 @@ static int buffer_remove(void *data1, void *data2)
 	struct nlnetwork *net = data1;
 	struct nlnetwork_ack *h = data2;
-	if (ntohl(net->seq) >= h->from && ntohl(net->seq) <= h->to) {
+	if (between(ntohl(net->seq), h->from, h->to)) {
 		dp("remove from buffer (seq=%u)\n", ntohl(net->seq));
 		__buffer_del(STATE_SYNC(buffer), data1);
 	}
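Review bot: In the EEXIST branch after `retry:` (src/sync-mode.c), `mcast_send_sync(nlh, NULL, ct, NFCT_T_DESTROY)` now uses whatever `nlh` is in scope, because the local buffer and the build_network_msg(NFCT_Q_DESTROY, ...) call were removed. That is presumably the handler's parameter carrying the new-connection event, so the payload sent would be the NEW message while only the type argument says destroy, and `goto retry` would send the same payload again. Either build the destroy message as before, or drop this send and add a comment such as `/* peers overwrite the stale entry when the new event arrives */`. The function begins above the hunk, so the origin of `nlh` should be confirmed there.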
@@ -169,7 +169,7 @@ static void queue_resend(struct cache *c, unsigned int from, unsigned int to)
 		u = cache_get_conntrack(STATE_SYNC(internal), cn);
-		if (cn->seq >= from && cn->seq <= to) {
+		if (between(cn->seq, from, to)) {
 			debug_ct(u->ct, "resend nack");
 			dp("resending nack'ed (oldseq=%u) ", cn->seq);
@@ -186,10 +186,9 @@ static void queue_resend(struct cache *c, unsigned int from, unsigned int to)
 				break;
 			}
-			mcast_send_netmsg(STATE_SYNC(mcast_client), buf); 
-			STATE_SYNC(mcast_sync)->post_send(NFCT_T_UPDATE,
-							  net, 
-							  u);
+			mcast_send_netmsg(STATE_SYNC(mcast_client), buf);
+			if (STATE_SYNC(sync)->send)
+				STATE_SYNC(sync)->send(NFCT_T_UPDATE, net, u);
 			dp("(newseq=%u)\n", *seq);
 		} 
 	}
@@ -208,7 +207,7 @@ static void queue_empty(struct cache *c, unsigned int from, unsigned int to)
 		struct cache_nack *cn = (struct cache_nack *) n;
 		u = cache_get_conntrack(STATE_SYNC(internal), cn);
-		if (cn->seq >= from && cn->seq <= to) {
+		if (between(cn->seq, from, to)) {
 			dp("remove %u\n", cn->seq);
 			debug_ct(u->ct, "ack received: empty queue");
 			dp("queue: deleting from queue (seq=%u)\n", cn->seq);
@@ -219,7 +218,7 @@ static void queue_empty(struct cache *c, unsigned int from, unsigned int to)
 	unlock();
 }
-static int nack_pre_recv(const struct nlnetwork *net)
+static int nack_recv(const struct nlnetwork *net)
 {
 	static unsigned int window = 0;
 	unsigned int exp_seq;
@@ -262,9 +261,9 @@ static int nack_pre_recv(const struct nlnetwork *net)
 	return 0;
 }
-static void nack_post_send(int type, 
-			   const struct nlnetwork *net, 
-			   struct us_conntrack *u)
+static void nack_send(int type, 
+		      const struct nlnetwork *net,
+		      struct us_conntrack *u)
 {
 	unsigned int size = sizeof(struct nlnetwork);  
 	struct nlmsghdr *nlh = (struct nlmsghdr *) ((void *) net + size);
@@ -301,6 +300,6 @@ struct sync_mode nack = {
 	.init			= nack_init,
 	.kill			= nack_kill,
 	.local			= nack_local,
-	.pre_recv		= nack_pre_recv,
-	.post_send		= nack_post_send,
+	.recv			= nack_recv,
+	.send			= nack_send,
 };
diff --git a/src/sync-notrack.c b/src/sync-notrack.c
index cc56436..4a470f9 100644
--- a/src/sync-notrack.c
+++ b/src/sync-notrack.c
@@ -25,33 +25,18 @@
 static void refresher(struct alarm_list *a, void *data)
 {
 	struct us_conntrack *u = data;
-	char buf[8192];
+	char __net[4096];
 	int size;
-	if (nfct_get_attr_u32(u->ct, ATTR_STATUS) & IPS_DYING) {
-		
-		debug_ct(u->ct, "persistence destroy");
+	debug_ct(u->ct, "persistence update");
-		size = build_network_msg(NFCT_Q_DESTROY,
-					 STATE(subsys_event),
-					 u->ct,
-					 buf,
-					 sizeof(buf));
-
-		__cache_del(u->cache, u->ct);
-		mcast_send_netmsg(STATE_SYNC(mcast_client), buf);
-	} else {
-		
-		debug_ct(u->ct, "persistence update");
-
-		a->expires = random() % CONFIG(refresh) + 1;
-		size = build_network_msg(NFCT_Q_UPDATE,
-					 STATE(subsys_event),
-					 u->ct,
-					 buf, 
-					 sizeof(buf));
-		mcast_send_netmsg(STATE_SYNC(mcast_client), buf);
-	}
+	a->expires = random() % CONFIG(refresh) + 1;
+	size = build_network_msg(NFCT_Q_UPDATE,
+				 STATE(subsys_event),
+				 u->ct,
+				 __net, 
+				 sizeof(__net));
+	mcast_send_netmsg(STATE_SYNC(mcast_client), __net);
 }
 static void cache_notrack_add(struct us_conntrack *u, void *data)
@@ -84,7 +69,7 @@ static struct cache_extra cache_notrack_extra = {
 	.destroy	= cache_notrack_destroy
 };
-static int notrack_pre_recv(const struct nlnetwork *net)
+static int notrack_recv(const struct nlnetwork *net)
 {
 	unsigned int exp_seq;
@@ -114,16 +99,9 @@ static int notrack_pre_recv(const struct nlnetwork *net)
 	return 0;
 }
-static void notrack_post_send(int type,
-			      const struct nlnetwork *n, 
-			      struct us_conntrack *u)
-{
-}
-
 struct sync_mode notrack = {
 	.internal_cache_flags	= LIFETIME,
 	.external_cache_flags	= TIMER | LIFETIME,
 	.internal_cache_extra	= &cache_notrack_extra,
-	.pre_recv 		= notrack_pre_recv,
-	.post_send		= notrack_post_send,
+	.recv 			= notrack_recv,
 };  | 
