author | Pablo Neira Ayuso <pablo@netfilter.org> | 2009-05-23 20:58:55 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2009-05-23 20:58:55 +0200 |
commit | 95c587ae01373ded13d696b155c7f277030a03d3 (patch) | |
tree | 072c8c7ebfe75096c979525c1c5ad8e68920ef75 /src | |
parent | 6f5666a29cb7cbff08ce926ee1edb84a311ff6ee (diff) | |
conntrackd: remove the cache write-through policy
This patch removes the cache write-through clause. This feature
remained undocumented although some have found it by looking at the
source code. This feature has remained in the tree for quite
some time although it has several limitations. Moreover, it
is specifically broken and dangerous for Linux kernels >= 2.6.29
since it generates loops in the synchronization.
We do this removal first to prepare the introduction of a feature
to bypass the external cache.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src')
-rw-r--r-- | src/Makefile.am | 2 | ||||
-rw-r--r-- | src/cache.c | 1 | ||||
-rw-r--r-- | src/cache_wt.c | 79 | ||||
-rw-r--r-- | src/read_config_yy.y | 6 | ||||
-rw-r--r-- | src/sync-mode.c | 4 |
5 files changed, 5 insertions, 87 deletions
diff --git a/src/Makefile.am b/src/Makefile.am
index c338fee..1c8b34f 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -14,7 +14,7 @@ conntrackd_SOURCES = alarm.c main.c run.c hash.c queue.c rbtree.c \
 local.c log.c mcast.c udp.c netlink.c vector.c \
 filter.c fds.c event.c process.c origin.c \
 cache.c cache_iterators.c \
- cache_timer.c cache_wt.c \
+ cache_timer.c \
 sync-mode.c sync-alarm.c sync-ftfw.c sync-notrack.c \
 traffic_stats.c stats-mode.c \
 network.c cidr.c \
diff --git a/src/cache.c b/src/cache.c
index 318b8ec..e4a024b 100644
--- a/src/cache.c
+++ b/src/cache.c
@@ -95,7 +95,6 @@ static int compare(const void *data1, const void *data2)
 struct cache_feature *cache_feature[CACHE_MAX_FEATURE] = {
 [TIMER_FEATURE] = &timer_feature,
- [WRITE_THROUGH_FEATURE] = &writethrough_feature,
 };
 struct cache *cache_create(const char *name,
diff --git a/src/cache_wt.c b/src/cache_wt.c
deleted file mode 100644
index 34fe82e..0000000
--- a/src/cache_wt.c
+++ /dev/null
@@ -1,79 +0,0 @@
-/*
- * (C) 2007 by Pablo Neira Ayuso <pablo@netfilter.org>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- */
-
-#include "conntrackd.h"
-#include "cache.h"
-#include "netlink.h"
-#include "log.h"
-
-#include <string.h>
-#include <errno.h>
-
-static void add_wt(struct cache_object *obj)
-{
- int ret;
-
- ret = nl_get_conntrack(STATE(request), obj->ct);
- switch (ret) {
- case -1:
- dlog(LOG_ERR, "cache_wt problem: %s", strerror(errno));
- dlog_ct(STATE(log), obj->ct, NFCT_O_PLAIN);
- break;
- case 0:
- if (nl_create_conntrack(STATE(dump), obj->ct, 0) == -1) {
- dlog(LOG_ERR, "cache_wt create: %s", strerror(errno));
- dlog_ct(STATE(log), obj->ct, NFCT_O_PLAIN);
- }
- break;
- case 1:
- if (nl_update_conntrack(STATE(dump), obj->ct, 0) == -1) {
- dlog(LOG_ERR, "cache_wt crt-upd: %s", strerror(errno));
- dlog_ct(STATE(log), obj->ct, NFCT_O_PLAIN);
- }
- break;
- }
-}
-
-static void upd_wt(struct cache_object *obj)
-{
- if (nl_update_conntrack(STATE(dump), obj->ct, 0) == -1) {
- dlog(LOG_ERR, "cache_wt update:%s", strerror(errno));
- dlog_ct(STATE(log), obj->ct, NFCT_O_PLAIN);
- }
-}
-
-static void writethrough_add(struct cache_object *obj, void *data)
-{
- add_wt(obj);
-}
-
-static void writethrough_update(struct cache_object *obj, void *data)
-{
- upd_wt(obj);
-}
-
-static void writethrough_destroy(struct cache_object *obj, void *data)
-{
- nl_destroy_conntrack(STATE(dump), obj->ct);
-}
-
-struct cache_feature writethrough_feature = {
- .add = writethrough_add,
- .update = writethrough_update,
- .destroy = writethrough_destroy,
-};
diff --git a/src/read_config_yy.y b/src/read_config_yy.y
index 56fd2f8..cab7799 100644
--- a/src/read_config_yy.y
+++ b/src/read_config_yy.y
@@ -842,12 +842,14 @@ tcp_state: T_LISTEN
 cache_writethrough: T_WRITE_THROUGH T_ON
 {
- conf.cache_write_through = 1;
+ print_err(CTD_CFG_WARN, "`CacheWriteThrough' clause is obsolete, "
+ "ignoring");
 };
 cache_writethrough: T_WRITE_THROUGH T_OFF
 {
- conf.cache_write_through = 0;
+ print_err(CTD_CFG_WARN, "`CacheWriteThrough' clause is obsolete, "
+ "ignoring");
 };
 general: T_GENERAL '{' general_list '}';
diff --git a/src/sync-mode.c b/src/sync-mode.c
index a0ba830..699a585 100644
--- a/src/sync-mode.c
+++ b/src/sync-mode.c
@@ -274,10 +274,6 @@ static int init_sync(void) return -1; } - /* straight forward commit of conntrack to kernel space */ - if (CONFIG(cache_write_through)) - STATE_SYNC(sync)->external_cache_flags |= WRITE_THROUGH; - STATE_SYNC(external) = cache_create("external", STATE_SYNC(sync)->external_cache_flags, |
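Review bot: Both `cache_writethrough` actions in src/read_config_yy.y now print the same "obsolete, ignoring" warning, so a configuration that had `CacheWriteThrough On` still starts, with no hint that external-cache entries are no longer written straight to the kernel. On a firewall pair that relied on that behaviour the difference would only show up at failover, so the `T_ON` message should say what changed, for example `print_err(CTD_CFG_WARN, "CacheWriteThrough On is obsolete and ignored; " "external cache entries are no longer written to the kernel");`. The `T_OFF` action can keep the short text, since nothing changes for that setting. Whether `conf.cache_write_through` and the `WRITE_THROUGH` flag are also removed from the headers cannot be checked here, because the page is limited to `src`.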