author/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org </C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org>2007-11-25 18:08:02 +0000
committer/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org </C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org>2007-11-25 18:08:02 +0000
commit3c5e35974c65f4470e6543c2cc772c0f1824dc44 (patch)
tree11fd67edbffc4c626af730738465108f965eb863 /src/sync-mode.c
parent66cd168df39bfcf581bb36250a080a66331ee5cd (diff)
Add CacheWriteThrough clause: external cache write-through policy. This feature is particularly useful for active-active setups without connection persistence, i.e. where you cannot know which firewall will filter a packet that belongs to a connection.
Diffstat (limited to 'src/sync-mode.c')
-rw-r--r--src/sync-mode.c22
1 files changed, 17 insertions, 5 deletions
diff --git a/src/sync-mode.c b/src/sync-mode.c
index e48b121..8a19ac5 100644
--- a/src/sync-mode.c
+++ b/src/sync-mode.c
@@ -147,6 +147,10 @@ static int init_sync(void)
return -1;
}
+ /* straight forward commit of conntrack to kernel space */
+ if (CONFIG(cache_write_through))
+ STATE_SYNC(sync)->external_cache_flags |= WRITE_THROUGH;
+
STATE_SYNC(external) =
cache_create("external",
STATE_SYNC(sync)->external_cache_flags,
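Review bot: The new comment in init_sync, `/* straight forward commit of conntrack to kernel space */`, does not say whose state is committed or why that matters for trust. With `WRITE_THROUGH` set on the "external" cache, entries received from the peer appear to be installed in the local kernel table as soon as they are cached, so the synchronization channel becomes a direct input to the firewall's state table. I would say so in the comment, e.g. `/* write-through: states received from the peer are committed to the kernel table immediately, so the sync link must be trusted */`, and repeat that requirement next to the CacheWriteThrough clause in the configuration documentation. init_sync starts and ends outside the hunk.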
@@ -301,8 +305,10 @@ static int local_handler_sync(int fd, int type, void *data)
static void dump_sync(struct nf_conntrack *ct)
{
+ if (!CONFIG(cache_write_through))
+ nfct_attr_unset(ct, ATTR_TIMEOUT);
+
/* This is required by kernels < 2.6.20 */
- nfct_attr_unset(ct, ATTR_TIMEOUT);
nfct_attr_unset(ct, ATTR_ORIG_COUNTER_BYTES);
nfct_attr_unset(ct, ATTR_ORIG_COUNTER_PACKETS);
nfct_attr_unset(ct, ATTR_REPL_COUNTER_BYTES);
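Review bot: The test `if (!CONFIG(cache_write_through)) nfct_attr_unset(ct, ATTR_TIMEOUT);` is added without a comment here in dump_sync and again in overrun_cb, event_new_sync, event_update_sync and event_destroy_sync, while the surviving `/* This is required by kernels < 2.6.20 */` now covers only the counter attributes. A one-line reason above the test, such as `/* keep the timeout in write-through mode: the peer needs it to install the entry in its kernel table */`, would make the intent explicit; that reading is inferred from the commit message, so confirm the wording. Five copies of the same condition are easy to let drift apart, and a small static helper (for instance `static void sync_strip_timeout(struct nf_conntrack *ct)`) called from each site would keep them in agreement. dump_sync's body continues outside the hunk.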
@@ -339,8 +345,10 @@ static int overrun_cb(enum nf_conntrack_msg_type type,
if (ignore_conntrack(ct))
return NFCT_CB_CONTINUE;
+ if (!CONFIG(cache_write_through))
+ nfct_attr_unset(ct, ATTR_TIMEOUT);
+
/* This is required by kernels < 2.6.20 */
- nfct_attr_unset(ct, ATTR_TIMEOUT);
nfct_attr_unset(ct, ATTR_ORIG_COUNTER_BYTES);
nfct_attr_unset(ct, ATTR_ORIG_COUNTER_PACKETS);
nfct_attr_unset(ct, ATTR_REPL_COUNTER_BYTES);
@@ -420,12 +428,14 @@ static void event_new_sync(struct nf_conntrack *ct)
{
struct us_conntrack *u;
+ if (!CONFIG(cache_write_through))
+ nfct_attr_unset(ct, ATTR_TIMEOUT);
+
/* required by linux kernel <= 2.6.20 */
nfct_attr_unset(ct, ATTR_ORIG_COUNTER_BYTES);
nfct_attr_unset(ct, ATTR_ORIG_COUNTER_PACKETS);
nfct_attr_unset(ct, ATTR_REPL_COUNTER_BYTES);
nfct_attr_unset(ct, ATTR_REPL_COUNTER_PACKETS);
- nfct_attr_unset(ct, ATTR_TIMEOUT);
retry:
if ((u = cache_add(STATE_SYNC(internal), ct))) {
mcast_send_sync(u, ct, NFCT_Q_CREATE);
@@ -447,7 +457,8 @@ static void event_update_sync(struct nf_conntrack *ct)
{
struct us_conntrack *u;
- nfct_attr_unset(ct, ATTR_TIMEOUT);
+ if (!CONFIG(cache_write_through))
+ nfct_attr_unset(ct, ATTR_TIMEOUT);
if ((u = cache_update_force(STATE_SYNC(internal), ct)) == NULL) {
debug_ct(ct, "can't update");
@@ -459,7 +470,8 @@ static void event_update_sync(struct nf_conntrack *ct)
static int event_destroy_sync(struct nf_conntrack *ct)
{
- nfct_attr_unset(ct, ATTR_TIMEOUT);
+ if (!CONFIG(cache_write_through))
+ nfct_attr_unset(ct, ATTR_TIMEOUT);
if (cache_del(STATE_SYNC(internal), ct)) {
mcast_send_sync(NULL, ct, NFCT_Q_DESTROY);