author | Pablo Neira Ayuso <pablo@netfilter.org> | 2009-08-19 16:59:38 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2009-08-19 16:59:38 +0200 |
commit | 3e6852f806c4368eda451b39f12b2ac2f2b5d33b (patch) | |
tree | c4783baf3dec6aa3460e33426414e1da28a62b69 /include | |
parent | 32ca6a144903b2e6318ee61d1dda3f670d3c09da (diff) | |
download | conntrack-tools-3e6852f806c4368eda451b39f12b2ac2f2b5d33b.tar.gz conntrack-tools-3e6852f806c4368eda451b39f12b2ac2f2b5d33b.zip |
conntrackd: add `DisableExternalCache' clause
This patch adds the clause `DisableExternalCache' that allows you
to disable the external cache and to directly inject the entries
into the kernel conntrack table. As a result, the CPU consumption
of conntrackd increases. This clause can only be used with the
FT-FW and the notrack synchronization modes, but not with the
alarm mode.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include')
-rw-r--r-- | include/Makefile.am | 2 | ||||
-rw-r--r-- | include/conntrackd.h | 5 | ||||
-rw-r--r-- | include/external.h | 24 | ||||
-rw-r--r-- | include/origin.h | 1 |
4 files changed, 30 insertions, 2 deletions
diff --git a/include/Makefile.am b/include/Makefile.am
index b72fb36..0fa76af 100644
--- a/include/Makefile.am
+++ b/include/Makefile.am
@@ -4,5 +4,5 @@ noinst_HEADERS = alarm.h jhash.h cache.h linux_list.h linux_rbtree.h \
 debug.h log.h hash.h mcast.h conntrack.h \
 network.h filter.h queue.h vector.h cidr.h \
 traffic_stats.h netlink.h fds.h event.h bitops.h channel.h \
- process.h origin.h
+ process.h origin.h external.h
diff --git a/include/conntrackd.h b/include/conntrackd.h
index 907ce33..ce8f9d4 100644
--- a/include/conntrackd.h
+++ b/include/conntrackd.h
@@ -96,6 +96,9 @@ struct ct_conf {
 int filter_from_kernelspace;
 int event_iterations_limit;
 struct {
+ int external_cache_disable;
+ } sync;
+ struct {
 int events_reliable;
 } netlink;
 struct {
@@ -172,7 +175,7 @@ struct ct_general_state {
 struct ct_sync_state {
 struct cache *internal; /* internal events cache (netlink) */
- struct cache *external; /* external events cache (mcast) */
+ struct external_handler *external;
 struct multichannel *channel;
 struct nlif_handle *interface;
diff --git a/include/external.h b/include/external.h
new file mode 100644
index 0000000..938941a
--- /dev/null
+++ b/include/external.h
@@ -0,0 +1,24 @@
+#ifndef _EXTERNAL_H_
+#define _EXTERNAL_H_
+
+struct nf_conntrack;
+
+struct external_handler {
+ int (*init)(void);
+ void (*close)(void);
+
+ void (*new)(struct nf_conntrack *ct);
+ void (*update)(struct nf_conntrack *ct);
+ void (*destroy)(struct nf_conntrack *ct);
+
+ void (*dump)(int fd, int type);
+ void (*flush)(void);
+ void (*commit)(struct nfct_handle *h, int fd);
+ void (*stats)(int fd);
+ void (*stats_ext)(int fd);
+};
+
+extern struct external_handler external_cache;
+extern struct external_handler external_inject;
+
+#endif
diff --git a/include/origin.h b/include/origin.h
index 89308f3..1b974e9 100644
--- a/include/origin.h
+++ b/include/origin.h
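Review bot: The new `sync.external_cache_disable` member of `struct ct_conf` has no comment, and the constraint stated in the commit message (usable with FT-FW and notrack, not with alarm mode) is not recorded next to it. I would add `/* DisableExternalCache: inject peer state straight into the kernel table; FT-FW and notrack modes only */` above the member. The mode check itself is not visible in this include-only view, so it is worth confirming that configuration parsing rejects the clause under alarm mode instead of silently accepting it. With the flag set, state received from the sync peer presumably reaches the kernel conntrack table without waiting for a commit, so the documentation for the clause should state that the integrity of the synchronization link matters more in this mode. `struct ct_conf` starts and ends outside the hunk.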
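Review bot: The replacement member `struct external_handler *external;` in `struct ct_sync_state` drops the trailing comment its predecessor carried, while `internal` on the line above keeps one. Something like `struct external_handler *external; /* external state handler: cache or direct kernel injection */` would keep the two members documented alike. Because every use of `external` now dispatches through a table of function pointers, callers need either a guarantee that both handlers fill every member or a NULL check before each call; neither can be confirmed from this hunk. The struct body continues outside the hunk.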
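Review bot: The `commit` member takes a `struct nfct_handle *`, but external.h forward-declares only `struct nf_conntrack`, so a translation unit that includes it before the libnetfilter_conntrack header gets a struct tag scoped to the parameter list (a compiler warning and an incompatible pointer type). Adding `struct nfct_handle;` next to `struct nf_conntrack;` makes the header self-contained. The members of `struct external_handler` are also undocumented; a short comment per group (lifecycle, per-entry events, control requests) saying which callbacks a handler may leave unset would help, since `external_inject` presumably has no cache to dump or flush. The include guard `_EXTERNAL_H_` uses an identifier reserved for the implementation; `EXTERNAL_H` would avoid that, though the current name may simply follow the project's existing convention.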
@@ -6,6 +6,7 @@ enum {
 any process, but not conntrackd */
 CTD_ORIGIN_COMMIT, /* event comes from committer */
 CTD_ORIGIN_FLUSH, /* event comes from flush */
+ CTD_ORIGIN_INJECT, /* event comes from direct inject */
 };
 int origin_register(struct nfct_handle *h, int origin_type); |