author | Pablo Neira Ayuso <pablo@netfilter.org> | 2008-08-01 17:52:54 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2008-08-01 17:52:54 +0200 |
commit | 9de87ff1c675f7ae5f463c4820bffb502e7ce852 (patch) | |
tree | f08dd393ce7b788838225515b5eac102c3b81fac /src/cache_iterators.c | |
parent | 6356d191a6d97483ad904fa1c8279a30564220cf (diff) | |
ftfw: show consistent information to users for problem diagnosing
This patch hides information that may confuse users while they are
diagnosing problems in their setup. For example, we hide entries
that are scheduled to expire - from the user side, they are already
destroyed entries; and we show in the counters the real active entries,
not all that are stored in the caches.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/cache_iterators.c')
-rw-r--r-- | src/cache_iterators.c | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/src/cache_iterators.c b/src/cache_iterators.c index e9ddbc0..407db0b 100644 --- a/src/cache_iterators.c +++ b/src/cache_iterators.c @@ -42,6 +42,19 @@ static int do_dump(void *data1, void *data2) char *data = u->data; unsigned i; + /* + * XXX: Do not dump the entries that are scheduled to expire. + * These entries talk about already destroyed connections + * that we keep for some time just in case that we have to + * resent some lost messages. We do not show them to the + * user as he may think that the firewall replicas are not + * in sync. The branch below is a hack as it is quite + * specific and it breaks conntrackd modularity. Probably + * there's a nicer way to do this but until I come up with it... + */ + if (CONFIG(flags) & CTD_SYNC_FTFW && alarm_pending(&u->alarm)) + return 0; + memset(buf, 0, sizeof(buf)); size = nfct_snprintf(buf, sizeof(buf), |
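Review bot: The early return added at the top of do_dump() puts a sync-mode-specific test (CTD_SYNC_FTFW plus alarm_pending(&u->alarm)) into the generic cache iterator, which the XXX comment itself calls a hack that breaks conntrackd modularity. Consider moving the decision behind a per-mode hook so the iterator only asks whether an entry should be shown, and consider keeping a way to dump the hidden entries on request, since they are useful when diagnosing the resend path the comment mentions. Two smaller points in the same hunk: the condition `CONFIG(flags) & CTD_SYNC_FTFW && alarm_pending(&u->alarm)` is correct only because & binds tighter than && in C, so parenthesizing the flag test as `(CONFIG(flags) & CTD_SYNC_FTFW)` would make the intent explicit and avoid compiler warnings; and "resent some lost messages" in the comment should read "resend". The test also assumes that a pending alarm on an entry always means "scheduled to expire" in FT-FW mode; a short note in the comment stating that no other use of u->alarm exists in this mode would protect the check against later changes.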