diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2009-08-19 16:59:38 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2009-08-19 16:59:38 +0200 |
commit | 3e6852f806c4368eda451b39f12b2ac2f2b5d33b (patch) | |
tree | c4783baf3dec6aa3460e33426414e1da28a62b69 /src/external_cache.c | |
parent | 32ca6a144903b2e6318ee61d1dda3f670d3c09da (diff) | |
download | conntrack-tools-3e6852f806c4368eda451b39f12b2ac2f2b5d33b.tar.gz conntrack-tools-3e6852f806c4368eda451b39f12b2ac2f2b5d33b.zip |
conntrackd: add `DisableExternalCache' clause
This patch adds the clause `DisableExternalCache' that allows you
to disable the external cache and to directly inject the entries
into the kernel conntrack table. As a result, the CPU consumption
of conntrackd increases. This clause can only be used with the
FT-FW and the notrack synchronization modes, but not with the
alarm mode.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/external_cache.c')
-rw-r--r-- | src/external_cache.c | 122 |
1 files changed, 122 insertions, 0 deletions
diff --git a/src/external_cache.c b/src/external_cache.c new file mode 100644 index 0000000..c70c818 --- /dev/null +++ b/src/external_cache.c @@ -0,0 +1,122 @@ +/* + * (C) 2006-2009 by Pablo Neira Ayuso <pablo@netfilter.org> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ +#include "conntrackd.h" +#include "sync.h" +#include "log.h" +#include "cache.h" +#include "external.h" + +#include <libnetfilter_conntrack/libnetfilter_conntrack.h> +#include <stdlib.h> + +static struct cache *external; + +static int external_cache_init(void) +{ + external = cache_create("external", + STATE_SYNC(sync)->external_cache_flags, + NULL); + if (external == NULL) { + dlog(LOG_ERR, "can't allocate memory for the external cache"); + return -1; + } + return 0; +} + +static void external_cache_close(void) +{ + cache_destroy(external); +} + +static void external_cache_new(struct nf_conntrack *ct) +{ + struct cache_object *obj; + int id; + + obj = cache_find(external, ct, &id); + if (obj == NULL) { +retry: + obj = cache_object_new(external, ct); + if (obj == NULL) + return; + + if (cache_add(external, obj, id) == -1) { + cache_object_free(obj); + return; + } + } else { + cache_del(external, obj); + cache_object_free(obj); + goto retry; + } +} + +static void external_cache_upd(struct nf_conntrack *ct) +{ + cache_update_force(external, ct); +} + +static void external_cache_del(struct nf_conntrack *ct) +{ + struct cache_object *obj; + int id; + + obj = cache_find(external, ct, &id); + if (obj) { + cache_del(external, obj); + cache_object_free(obj); + } +} + +static void external_cache_dump(int fd, int type) +{ + cache_dump(external, fd, type); +} + +static void external_cache_commit(struct nfct_handle *h, int fd) +{ + cache_commit(external, h, fd); +} + +static void external_cache_flush(void) +{ + cache_flush(external); +} + +static void external_cache_stats(int fd) +{ + cache_stats(external, fd); +} + +static void external_cache_stats_ext(int fd) +{ + cache_stats_extended(external, fd); +} + +struct external_handler external_cache = { + .init = external_cache_init, + .close = external_cache_close, + .new = external_cache_new, + .update = external_cache_upd, + .destroy = external_cache_del, + .dump = external_cache_dump, + .commit = external_cache_commit, + .flush = external_cache_flush, + .stats = external_cache_stats, + .stats_ext = external_cache_stats_ext, +}; |