diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2008-08-07 14:53:29 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2008-08-07 14:53:29 +0200 |
commit | 8a78dda3e6676286f09f5c78cca60a8178186930 (patch) | |
tree | 8b00a9b242e137c1233579bbe500ae123fd65191 /src | |
parent | 6cb33c62c8007593d8a85aa202fa173043877135 (diff) | |
download | conntrack-tools-8a78dda3e6676286f09f5c78cca60a8178186930.tar.gz conntrack-tools-8a78dda3e6676286f09f5c78cca60a8178186930.zip |
cache iterators: commit master entries before related ones
Commit master entries before related ones to avoid ENOENT errors.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src')
-rw-r--r-- | src/cache_iterators.c | 29 | ||||
-rw-r--r-- | src/netlink.c | 12 |
2 files changed, 36 insertions, 5 deletions
diff --git a/src/cache_iterators.c b/src/cache_iterators.c index 8898930..8811fc4 100644 --- a/src/cache_iterators.c +++ b/src/cache_iterators.c @@ -95,12 +95,9 @@ void cache_dump(struct cache *c, int fd, int type) hashtable_iterate(c->h, (void *) &tmp, do_dump); } -/* no need to clone, called from child process */ -static int do_commit(void *data1, void *data2) +static void __do_commit_step(struct cache *c, struct us_conntrack *u) { int ret, retry = 1; - struct cache *c = data1; - struct us_conntrack *u = data2; struct nf_conntrack *ct = u->ct; /* @@ -149,18 +146,40 @@ try_again_update: c->commit_ok++; break; } +} + +static int do_commit_related(void *data1, void *data2) +{ + struct us_conntrack *u = data2; + + if (ct_is_related(u->ct)) + __do_commit_step(data1, u); /* keep iterating even if we have found errors */ return 0; } +static int do_commit_master(void *data1, void *data2) +{ + struct us_conntrack *u = data2; + + if (ct_is_related(u->ct)) + return 0; + + __do_commit_step(data1, u); + return 0; +} + +/* no need to clone, called from child process */ void cache_commit(struct cache *c) { unsigned int commit_ok = c->commit_ok; unsigned int commit_exist = c->commit_exist; unsigned int commit_fail = c->commit_fail; - hashtable_iterate(c->h, c, do_commit); + /* commit master conntrack first, then related ones */ + hashtable_iterate(c->h, c, do_commit_master); + hashtable_iterate(c->h, c, do_commit_related); /* calculate new entries committed */ commit_ok = c->commit_ok - commit_ok; diff --git a/src/netlink.c b/src/netlink.c index 0d9b7db..e9b1cfd 100644 --- a/src/netlink.c +++ b/src/netlink.c @@ -337,6 +337,18 @@ int nl_update_conntrack(struct nf_conntrack *ct) nfct_set_attr_u32(ct, ATTR_STATUS, status); } + /* we hit error if we try to update the master conntrack */ + if (ct_is_related(ct)) { + nfct_attr_unset(ct, ATTR_MASTER_L3PROTO); + nfct_attr_unset(ct, ATTR_MASTER_L4PROTO); + nfct_attr_unset(ct, ATTR_MASTER_IPV4_SRC); + nfct_attr_unset(ct, ATTR_MASTER_IPV4_DST); + nfct_attr_unset(ct, ATTR_MASTER_IPV6_SRC); + nfct_attr_unset(ct, ATTR_MASTER_IPV6_DST); + nfct_attr_unset(ct, ATTR_MASTER_PORT_SRC); + nfct_attr_unset(ct, ATTR_MASTER_PORT_DST); + } + return nl_create_conntrack(ct); } |