summaryrefslogtreecommitdiff
path: root/include
diff options
context:
space:
mode:
author/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org </C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org>2007-07-09 19:11:53 +0000
committer/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org </C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org>2007-07-09 19:11:53 +0000
commit96084e1a1f2e0a49c961bbddb9fffd2e03bfae3f (patch)
treec078d88b157faa7c5ce76bc4591205756f09742b /include
parent4df0be6fbf6a47905e0edf11c13b49ea0eacee5b (diff)
downloadconntrack-tools-96084e1a1f2e0a49c961bbddb9fffd2e03bfae3f.tar.gz
conntrack-tools-96084e1a1f2e0a49c961bbddb9fffd2e03bfae3f.zip
- conntrack-tools requires libnetfilter_conntrack >= 0.0.81
- add len field to nethdr - implement buffered send/recv to batch messages - stop using netlink format for network messages: use similar TLV-based format - reduce synchronization messages size up to 60% - introduce periodic alive messages for sync-nack protocol - timeslice alarm implementation: remove alarm pthread, remove locking - simplify debugging functions: use nfct_snprintf instead - remove major use of libnfnetlink functions: use libnetfilter_conntrack API - deprecate conntrackd -F, use conntrack -F instead - major rework of the network infrastructure: much simple, less messy
Diffstat (limited to 'include')
-rw-r--r--include/Makefile.am2
-rw-r--r--include/buffer.h5
-rw-r--r--include/conntrackd.h21
-rw-r--r--include/debug.h56
-rw-r--r--include/network.h106
-rw-r--r--include/sync.h7
-rw-r--r--include/timer.h17
7 files changed, 147 insertions, 67 deletions
diff --git a/include/Makefile.am b/include/Makefile.am
index a7716d9..7b6bc14 100644
--- a/include/Makefile.am
+++ b/include/Makefile.am
@@ -2,5 +2,5 @@
noinst_HEADERS = alarm.h jhash.h slist.h cache.h linux_list.h \
sync.h conntrackd.h local.h us-conntrack.h \
debug.h log.h hash.h mcast.h buffer.h conntrack.h \
- state_helper.h network.h ignore.h
+ state_helper.h network.h ignore.h timer.h
diff --git a/include/buffer.h b/include/buffer.h
index 8d72dfb..cb42f51 100644
--- a/include/buffer.h
+++ b/include/buffer.h
@@ -4,13 +4,12 @@
#include <stdlib.h>
#include <errno.h>
#include <string.h>
-#include <pthread.h>
#include "linux_list.h"
struct buffer {
- pthread_mutex_t lock;
size_t max_size;
size_t cur_size;
+ unsigned int num_elems;
struct list_head head;
};
@@ -22,9 +21,9 @@ struct buffer_node {
struct buffer *buffer_create(size_t max_size);
void buffer_destroy(struct buffer *b);
+unsigned int buffer_len(struct buffer *b);
int buffer_add(struct buffer *b, const void *data, size_t size);
void buffer_del(struct buffer *b, void *data);
-void __buffer_del(struct buffer *b, void *data);
void buffer_iterate(struct buffer *b,
void *data,
int (*iterate)(void *data1, void *data2));
diff --git a/include/conntrackd.h b/include/conntrackd.h
index a620400..e89fc79 100644
--- a/include/conntrackd.h
+++ b/include/conntrackd.h
@@ -10,6 +10,7 @@
#include "debug.h"
#include <signal.h>
#include "state_helper.h"
+#include "linux_list.h"
#include <libnetfilter_conntrack/libnetfilter_conntrack_tcp.h>
/* UNIX facilities */
@@ -92,11 +93,8 @@ struct ct_general_state {
struct ct_mode *mode;
struct ignore_pool *ignore_pool;
- struct nfnl_handle *event; /* event handler */
- struct nfnl_handle *dump; /* dump handler */
-
- struct nfnl_subsys_handle *subsys_event; /* events */
- struct nfnl_subsys_handle *subsys_dump; /* dump */
+ struct nfct_handle *event; /* event handler */
+ struct nfct_handle *dump; /* dump handler */
/* statistics */
u_int64_t malformed;
@@ -114,7 +112,6 @@ struct ct_sync_state {
struct mcast_sock *mcast_client; /* multicast socket: outgoing */
struct sync_mode *sync; /* sync mode */
- struct buffer *buffer;
u_int32_t last_seq_sent; /* last sequence number sent */
u_int32_t last_seq_recv; /* last sequence number recv */
@@ -141,17 +138,19 @@ extern struct ct_general_state st;
#define IPPROTO_VRRP 112
#endif
+#define STEPS_PER_SECONDS 5
+
struct ct_mode {
int (*init)(void);
int (*add_fds_to_set)(fd_set *readfds);
- void (*step)(fd_set *readfds);
+ void (*run)(fd_set *readfds, int step);
int (*local)(int fd, int type, void *data);
void (*kill)(void);
- void (*dump)(struct nf_conntrack *ct, struct nlmsghdr *nlh);
+ void (*dump)(struct nf_conntrack *ct);
void (*overrun)(void);
- void (*event_new)(struct nf_conntrack *ct, struct nlmsghdr *nlh);
- void (*event_upd)(struct nf_conntrack *ct, struct nlmsghdr *nlh);
- int (*event_dst)(struct nf_conntrack *ct, struct nlmsghdr *nlh);
+ void (*event_new)(struct nf_conntrack *ct);
+ void (*event_upd)(struct nf_conntrack *ct);
+ int (*event_dst)(struct nf_conntrack *ct);
};
/* conntrackd modes */
diff --git a/include/debug.h b/include/debug.h
index 4d1f44f..1ffd9ac 100644
--- a/include/debug.h
+++ b/include/debug.h
@@ -1,57 +1,21 @@
#ifndef _DEBUG_H
#define _DEBUG_H
-#if 0
-#define debug printf
-#else
-#define debug
-#endif
-
-#include <string.h>
-#include <netinet/in.h>
#include <libnetfilter_conntrack/libnetfilter_conntrack.h>
#undef DEBUG_CT
-static inline void debug_ct(struct nf_conntrack *ct, char *msg)
-{
#ifdef DEBUG_CT
- struct in_addr addr, addr2, addr3, addr4;
-
- debug("----%s (%p) ----\n", msg, ct);
- memcpy(&addr,
- nfct_get_attr(ct, ATTR_ORIG_IPV4_SRC),
- sizeof(u_int32_t));
- memcpy(&addr2,
- nfct_get_attr(ct, ATTR_ORIG_IPV4_DST),
- sizeof(u_int32_t));
- memcpy(&addr3,
- nfct_get_attr(ct, ATTR_REPL_IPV4_SRC),
- sizeof(u_int32_t));
- memcpy(&addr4,
- nfct_get_attr(ct, ATTR_REPL_IPV4_DST),
- sizeof(u_int32_t));
-
- debug("status: %x\n", nfct_get_attr_u32(ct, ATTR_STATUS));
- debug("l3:%d l4:%d ",
- nfct_get_attr_u8(ct, ATTR_ORIG_L3PROTO),
- nfct_get_attr_u8(ct, ATTR_ORIG_L4PROTO));
- debug("%s:%hu ->", inet_ntoa(addr),
- ntohs(nfct_get_attr_u16(ct, ATTR_ORIG_PORT_SRC)));
- debug("%s:%hu\n",
- inet_ntoa(addr2),
- ntohs(nfct_get_attr_u16(ct, ATTR_ORIG_PORT_DST)));
- debug("l3:%d l4:%d ",
- nfct_get_attr_u8(ct, ATTR_REPL_L3PROTO),
- nfct_get_attr_u8(ct, ATTR_REPL_L4PROTO));
- debug("%s:%hu ->",
- inet_ntoa(addr3),
- ntohs(nfct_get_attr_u16(ct, ATTR_REPL_PORT_SRC)));
- debug("%s:%hu\n",
- inet_ntoa(addr4),
- ntohs(nfct_get_attr_u16(ct, ATTR_REPL_PORT_DST)));
- debug("-------------------------\n");
+#define debug_ct(ct, msg) \
+({ \
+ char buf[1024]; \
+ nfct_snprintf(buf, 1024, ct, NFCT_T_ALL, 0, 0); \
+ printf("[%s]: %s\n", msg, buf); \
+})
+#define debug printf
+#else
+#define debug_ct(ct, msg)
+#define debug
#endif
-}
#endif
diff --git a/include/network.h b/include/network.h
index 31903a5..bc9431d 100644
--- a/include/network.h
+++ b/include/network.h
@@ -5,14 +5,17 @@
struct nethdr {
u_int16_t flags;
- u_int16_t padding;
+ u_int16_t len;
u_int32_t seq;
};
#define NETHDR_SIZ sizeof(struct nethdr)
+#define NETHDR_DATA(x) \
+ (struct netpld *)(((char *)x) + sizeof(struct nethdr))
+
struct nethdr_ack {
u_int16_t flags;
- u_int16_t padding;
+ u_int16_t len;
u_int32_t seq;
u_int32_t from;
u_int32_t to;
@@ -31,8 +34,59 @@ enum {
NET_F_ACK_BIT = 3,
NET_F_ACK = (1 << NET_F_ACK_BIT),
+
+ NET_F_ALIVE_BIT = 4,
+ NET_F_ALIVE = (1 << NET_F_ALIVE_BIT),
};
+#define BUILD_NETMSG(ct, query) \
+({ \
+ char __net[4096]; \
+ memset(__net, 0, sizeof(__net)); \
+ build_netmsg(ct, query, (struct nethdr *) __net); \
+ (struct nethdr *) __net; \
+})
+
+struct us_conntrack;
+struct mcast_sock;
+
+void build_netmsg(struct nf_conntrack *ct, int query, struct nethdr *net);
+int prepare_send_netmsg(struct mcast_sock *m, void *data);
+int mcast_send_netmsg(struct mcast_sock *m, void *data);
+int mcast_recv_netmsg(struct mcast_sock *m, void *data, int len);
+
+#define IS_DATA(x) ((x->flags & ~NET_F_HELLO) == 0)
+#define IS_ACK(x) (x->flags & NET_F_ACK)
+#define IS_NACK(x) (x->flags & NET_F_NACK)
+#define IS_RESYNC(x) (x->flags & NET_F_RESYNC)
+#define IS_ALIVE(x) (x->flags & NET_F_ALIVE)
+#define IS_CTL(x) IS_ACK(x) || IS_NACK(x) || IS_RESYNC(x) || IS_ALIVE(x)
+#define IS_HELLO(x) (x->flags & NET_F_HELLO)
+
+#define HDR_NETWORK2HOST(x) \
+({ \
+ x->flags = ntohs(x->flags); \
+ x->len = ntohs(x->len); \
+ x->seq = ntohl(x->seq); \
+ if (IS_CTL(x)) { \
+ struct nethdr_ack *__ack = (struct nethdr_ack *) x; \
+ __ack->from = ntohl(__ack->from); \
+ __ack->to = ntohl(__ack->to); \
+ } \
+})
+
+#define HDR_HOST2NETWORK(x) \
+({ \
+ if (IS_CTL(x)) { \
+ struct nethdr_ack *__ack = (struct nethdr_ack *) x; \
+ __ack->from = htonl(__ack->from); \
+ __ack->to = htonl(__ack->to); \
+ } \
+ x->flags = htons(x->flags); \
+ x->len = htons(x->len); \
+ x->seq = htonl(x->seq); \
+})
+
/* extracted from net/tcp.h */
/*
@@ -52,4 +106,52 @@ static inline int between(__u32 seq1, __u32 seq2, __u32 seq3)
return seq3 - seq2 >= seq1 - seq2;
}
+struct netpld {
+ u_int16_t len;
+ u_int16_t query;
+};
+#define NETPLD_SIZ sizeof(struct netpld)
+
+#define PLD_NETWORK2HOST(x) \
+({ \
+ x->len = ntohs(x->len); \
+ x->query = ntohs(x->query); \
+})
+
+#define PLD_HOST2NETWORK(x) \
+({ \
+ x->len = htons(x->len); \
+ x->query = htons(x->query); \
+})
+
+struct netattr {
+ u_int16_t nta_len;
+ u_int16_t nta_attr;
+};
+
+#define ATTR_NETWORK2HOST(x) \
+({ \
+ x->nta_len = ntohs(x->nta_len); \
+ x->nta_attr = ntohs(x->nta_attr); \
+})
+
+#define PLD_DATA(x) \
+ (struct netattr *)(((char *)x) + sizeof(struct netpld))
+
+#define PLD_TAIL(x) \
+ (struct netattr *)(((char *)x) + sizeof(struct netpld) + x->len)
+
+#define NTA_DATA(x) \
+ (void *)(((char *)x) + sizeof(struct netattr))
+
+#define NTA_NEXT(x, len) \
+({ \
+ len -= NTA_ALIGN(NTA_LENGTH(x->nta_len)); \
+ (struct netattr *)(((char *)x) + NTA_ALIGN(NTA_LENGTH(x->nta_len))); \
+})
+
+#define NTA_ALIGNTO 4
+#define NTA_ALIGN(len) (((len) + NTA_ALIGNTO - 1) & ~(NTA_ALIGNTO - 1))
+#define NTA_LENGTH(len) (NTA_ALIGN(sizeof(struct netattr)) + (len))
+
#endif
diff --git a/include/sync.h b/include/sync.h
index a737e81..6345513 100644
--- a/include/sync.h
+++ b/include/sync.h
@@ -13,10 +13,9 @@ struct sync_mode {
int (*init)(void);
void (*kill)(void);
int (*local)(int fd, int type, void *data);
- int (*recv)(const struct nethdr *net); /* recv callback */
- void (*send)(int type, /* send callback */
- const struct nethdr *net,
- struct us_conntrack *u);
+ int (*recv)(const struct nethdr *net);
+ void (*send)(struct nethdr *net, struct us_conntrack *u);
+ void (*run)(int step);
};
extern struct sync_mode notrack;
diff --git a/include/timer.h b/include/timer.h
new file mode 100644
index 0000000..37b0fc9
--- /dev/null
+++ b/include/timer.h
@@ -0,0 +1,17 @@
+#ifndef _TIMER_H_
+#define _TIMER_H_
+
+#include <sys/time.h>
+
+struct timer {
+ long credits;
+ struct timeval start;
+ struct timeval stop;
+ struct timeval diff;
+};
+
+#define GET_CREDITS(x) x.credits
+#define GET_STARTTIME(x) x.start
+#define GET_STOPTIME(x) x.stop
+
+#endif