conntrackd: add `DisableExternalCache' clause

This patch adds the clause `DisableExternalCache' that allows you
to disable the external cache and to directly inject the entries
into the kernel conntrack table. As a result, the CPU consumption
of conntrackd increases. This clause can only be used with the
FT-FW and the notrack synchronization modes, but not with the
alarm mode.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

1 files changed, 24 insertions, 0 deletions

diff --git a/include/external.h b/include/external.h
new file mode 100644
index 0000000..938941a
--- /dev/null
+++ b/include/external.h
@@ -0,0 +1,24 @@
+#ifndef _EXTERNAL_H_
+#define _EXTERNAL_H_
+
+struct nf_conntrack;
+
+struct external_handler {
+	int	(*init)(void);
+	void	(*close)(void);
+
+	void	(*new)(struct nf_conntrack *ct);
+	void	(*update)(struct nf_conntrack *ct);
+	void	(*destroy)(struct nf_conntrack *ct);
+
+	void	(*dump)(int fd, int type);
+	void	(*flush)(void);
+	void	(*commit)(struct nfct_handle *h, int fd);
+	void	(*stats)(int fd);
+	void	(*stats_ext)(int fd);
+};
+
+extern struct external_handler external_cache;
+extern struct external_handler external_inject;
+
+#endif