summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorPablo Neira Ayuso <pablo@netfilter.org>2008-08-01 14:35:47 +0200
committerPablo Neira Ayuso <pablo@netfilter.org>2008-08-01 14:35:47 +0200
commit6356d191a6d97483ad904fa1c8279a30564220cf (patch)
treefb86ab79caba3758329507520ab8f3e148849482 /src
parentff402549052eb4b98ac9404a2f273d78ce323c94 (diff)
downloadconntrack-tools-6356d191a6d97483ad904fa1c8279a30564220cf.tar.gz
conntrack-tools-6356d191a6d97483ad904fa1c8279a30564220cf.zip
fix broken normal deletion in caches
This patch fixes the non-timer-based cache deletion. This bug affects the alarm-based approach since the backup replicas did not get the deletion event, thus, delaying the deletion. This patch introduces cache_find() to look up for a conntrack object and __cache_del_timer() to perform direct deletions by means of the pointer obtained with cache_find(). Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src')
-rw-r--r--src/cache.c62
-rw-r--r--src/sync-mode.c19
2 files changed, 40 insertions, 41 deletions
diff --git a/src/cache.c b/src/cache.c
index a73854f..7cd5ac7 100644
--- a/src/cache.c
+++ b/src/cache.c
@@ -321,7 +321,13 @@ static void __del2(struct cache *c, struct us_conntrack *u)
free(p);
}
-static int __del(struct cache *c, struct nf_conntrack *ct)
+static void __cache_del(struct cache *c, struct us_conntrack *u)
+{
+ del_alarm(&u->alarm);
+ __del2(c, u);
+}
+
+int cache_del(struct cache *c, struct nf_conntrack *ct)
{
size_t size = c->h->datasize;
char buf[size];
@@ -331,16 +337,7 @@ static int __del(struct cache *c, struct nf_conntrack *ct)
u = (struct us_conntrack *) hashtable_test(c->h, u);
if (u) {
- del_alarm(&u->alarm);
- __del2(c, u);
- return 1;
- }
- return 0;
-}
-
-int cache_del(struct cache *c, struct nf_conntrack *ct)
-{
- if (__del(c, ct)) {
+ __cache_del(c, u);
c->del_ok++;
return 1;
}
@@ -356,33 +353,36 @@ static void __del_timeout(struct alarm_block *a, void *data)
__del2(u->cache, u);
}
-struct us_conntrack *
-cache_del_timeout(struct cache *c, struct nf_conntrack *ct, int timeout)
+int
+__cache_del_timer(struct cache *c, struct us_conntrack *u, int timeout)
+{
+ if (timeout <= 0) {
+ __cache_del(c, u);
+ return 1;
+ }
+ if (!alarm_pending(&u->alarm)) {
+ add_alarm(&u->alarm, timeout, 0);
+ /*
+ * increase stats even if this entry was not really
+ * removed yet. We do not want to make people think
+ * that the replication protocol does not work
+ * properly.
+ */
+ c->del_ok++;
+ return 1;
+ }
+ return 0;
+}
+
+struct us_conntrack *cache_find(struct cache *c, struct nf_conntrack *ct)
{
size_t size = c->h->datasize;
char buf[size];
struct us_conntrack *u = (struct us_conntrack *) buf;
- if (timeout <= 0)
- cache_del(c, ct);
-
u->ct = ct;
- u = (struct us_conntrack *) hashtable_test(c->h, u);
- if (u) {
- if (!alarm_pending(&u->alarm)) {
- add_alarm(&u->alarm, timeout, 0);
- /*
- * increase stats even if this entry was not really
- * removed yet. We do not want to make people think
- * that the replication protocol does not work
- * properly.
- */
- c->del_ok++;
- return u;
- }
- }
- return NULL;
+ return ((struct us_conntrack *) hashtable_test(c->h, u));
}
struct us_conntrack *cache_get_conntrack(struct cache *c, void *data)
diff --git a/src/sync-mode.c b/src/sync-mode.c
index 0f3760e..56c30af 100644
--- a/src/sync-mode.c
+++ b/src/sync-mode.c
@@ -407,10 +407,8 @@ static int purge_step(void *data1, void *data2)
ret = nfct_query(h, NFCT_Q_GET, u->ct);
if (ret == -1 && errno == ENOENT) {
debug_ct(u->ct, "overrun purge resync");
- if (cache_del_timeout(STATE_SYNC(internal),
- u->ct,
- CONFIG(del_timeout)))
- mcast_send_sync(u, NFCT_Q_DESTROY);
+ mcast_send_sync(u, NFCT_Q_DESTROY);
+ __cache_del_timer(STATE_SYNC(internal), u, CONFIG(del_timeout));
}
return 0;
@@ -502,15 +500,16 @@ static int event_destroy_sync(struct nf_conntrack *ct)
if (!CONFIG(cache_write_through))
nfct_attr_unset(ct, ATTR_TIMEOUT);
- u = cache_del_timeout(STATE_SYNC(internal), ct, CONFIG(del_timeout));
- if (u != NULL) {
- mcast_send_sync(u, NFCT_Q_DESTROY);
- debug_ct(ct, "internal destroy");
- return 1;
- } else {
+ u = cache_find(STATE_SYNC(internal), ct);
+ if (u == NULL) {
debug_ct(ct, "can't destroy");
return 0;
}
+
+ mcast_send_sync(u, NFCT_Q_DESTROY);
+ __cache_del_timer(STATE_SYNC(internal), u, CONFIG(del_timeout));
+ debug_ct(ct, "internal destroy");
+ return 1;
}
struct ct_mode sync_mode = {