summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--include/Makefile.am4
-rw-r--r--include/cache.h43
-rw-r--r--include/filter.h11
-rw-r--r--include/hash.h22
-rw-r--r--include/network.h1
-rw-r--r--include/slist.h41
-rw-r--r--include/sync.h4
-rw-r--r--include/us-conntrack.h14
-rw-r--r--src/cache.c273
-rw-r--r--src/cache_iterators.c65
-rw-r--r--src/cache_lifetime.c10
-rw-r--r--src/cache_timer.c36
-rw-r--r--src/cache_wt.c33
-rw-r--r--src/filter.c57
-rw-r--r--src/hash.c136
-rw-r--r--src/stats-mode.c55
-rw-r--r--src/sync-alarm.c27
-rw-r--r--src/sync-ftfw.c40
-rw-r--r--src/sync-mode.c116
-rw-r--r--src/sync-notrack.c19
20 files changed, 440 insertions, 567 deletions
diff --git a/include/Makefile.am b/include/Makefile.am
index 13f7e37..c3f8904 100644
--- a/include/Makefile.am
+++ b/include/Makefile.am
@@ -1,6 +1,6 @@
-noinst_HEADERS = alarm.h jhash.h slist.h cache.h linux_list.h linux_rbtree.h \
- sync.h conntrackd.h local.h us-conntrack.h \
+noinst_HEADERS = alarm.h jhash.h cache.h linux_list.h linux_rbtree.h \
+ sync.h conntrackd.h local.h \
debug.h log.h hash.h mcast.h conntrack.h \
network.h filter.h queue.h vector.h cidr.h \
traffic_stats.h netlink.h fds.h event.h bitops.h
diff --git a/include/cache.h b/include/cache.h
index ebed70a..dcd6bcd 100644
--- a/include/cache.h
+++ b/include/cache.h
@@ -3,6 +3,8 @@
#include <stdint.h>
#include <stddef.h>
+#include "hash.h"
+#include "alarm.h"
/* cache features */
enum {
@@ -22,14 +24,20 @@ enum {
#define CACHE_MAX_FEATURE __CACHE_MAX_FEATURE
struct cache;
-struct us_conntrack;
+struct cache_object {
+ struct hashtable_node hashnode;
+ struct nf_conntrack *ct;
+ struct cache *cache;
+ struct alarm_block alarm;
+ char data[0];
+};
struct cache_feature {
size_t size;
- void (*add)(struct us_conntrack *u, void *data);
- void (*update)(struct us_conntrack *u, void *data);
- void (*destroy)(struct us_conntrack *u, void *data);
- int (*dump)(struct us_conntrack *u, void *data, char *buf, int type);
+ void (*add)(struct cache_object *obj, void *data);
+ void (*update)(struct cache_object *obj, void *data);
+ void (*destroy)(struct cache_object *obj, void *data);
+ int (*dump)(struct cache_object *obj, void *data, char *buf, int type);
};
extern struct cache_feature lifetime_feature;
@@ -48,6 +56,7 @@ struct cache {
unsigned int *feature_offset;
struct cache_extra *extra;
unsigned int extra_offset;
+ size_t object_size;
/* statistics */
struct {
@@ -77,9 +86,9 @@ struct cache {
struct cache_extra {
unsigned int size;
- void (*add)(struct us_conntrack *u, void *data);
- void (*update)(struct us_conntrack *u, void *data);
- void (*destroy)(struct us_conntrack *u, void *data);
+ void (*add)(struct cache_object *obj, void *data);
+ void (*update)(struct cache_object *obj, void *data);
+ void (*destroy)(struct cache_object *obj, void *data);
};
struct nf_conntrack;
@@ -87,16 +96,18 @@ struct nf_conntrack;
struct cache *cache_create(const char *name, unsigned int features, struct cache_extra *extra);
void cache_destroy(struct cache *e);
-struct us_conntrack *cache_add(struct cache *c, struct nf_conntrack *ct);
-struct us_conntrack *cache_update(struct cache *c, struct nf_conntrack *ct);
-struct us_conntrack *cache_update_force(struct cache *c, struct nf_conntrack *ct);
-int cache_del(struct cache *c, struct nf_conntrack *ct);
-int __cache_del_timer(struct cache *c, struct us_conntrack *u, int timeout);
-struct us_conntrack *cache_find(struct cache *c, struct nf_conntrack *ct);
-int cache_test(struct cache *c, struct nf_conntrack *ct);
+struct cache_object *cache_object_new(struct cache *c, struct nf_conntrack *ct);
+void cache_object_free(struct cache_object *obj);
+
+int cache_add(struct cache *c, struct cache_object *obj, int id);
+void cache_update(struct cache *c, struct cache_object *obj, int id, struct nf_conntrack *ct);
+struct cache_object *cache_update_force(struct cache *c, struct nf_conntrack *ct);
+void cache_del(struct cache *c, struct cache_object *obj);
+int cache_del_timer(struct cache *c, struct cache_object *obj, int timeout);
+struct cache_object *cache_find(struct cache *c, struct nf_conntrack *ct, int *pos);
void cache_stats(const struct cache *c, int fd);
void cache_stats_extended(const struct cache *c, int fd);
-struct us_conntrack *cache_get_conntrack(struct cache *, void *);
+struct cache_object *cache_data_get_object(struct cache *c, void *data);
void *cache_get_extra(struct cache *, void *);
void cache_iterate(struct cache *c, void *data, int (*iterate)(void *data1, void *data2));
diff --git a/include/filter.h b/include/filter.h
index 9c2cf66..72c2aa4 100644
--- a/include/filter.h
+++ b/include/filter.h
@@ -4,6 +4,7 @@
#include <stdint.h>
#include <string.h>
#include <netinet/in.h>
+#include <hash.h>
enum ct_filter_type {
CT_FILTER_L4PROTO,
@@ -17,6 +18,16 @@ enum ct_filter_logic {
CT_FILTER_POSITIVE = 1,
};
+struct ct_filter_ipv4_hnode {
+ struct hashtable_node node;
+ uint32_t ip;
+};
+
+struct ct_filter_ipv6_hnode {
+ struct hashtable_node node;
+ uint32_t ipv6[4];
+};
+
struct ct_filter_netmask_ipv4 {
uint32_t ip;
uint32_t mask;
diff --git a/include/hash.h b/include/hash.h
index 2fb0a27..68d618b 100644
--- a/include/hash.h
+++ b/include/hash.h
@@ -2,7 +2,6 @@
#define _NF_SET_HASH_H_
#include <unistd.h>
-#include "slist.h"
#include "linux_list.h"
#include <stdint.h>
@@ -15,35 +14,30 @@ struct hashtable {
uint32_t limit;
uint32_t count;
uint32_t initval;
- uint32_t datasize;
uint32_t (*hash)(const void *data, const struct hashtable *table);
int (*compare)(const void *data1, const void *data2);
- struct slist_head members[0];
+ struct list_head members[0];
};
struct hashtable_node {
- struct slist_head head;
- char data[0];
+ struct list_head head;
};
-struct hashtable_node *hashtable_alloc_node(int datasize, void *data);
-void hashtable_destroy_node(struct hashtable_node *h);
-
struct hashtable *
-hashtable_create(int hashsize, int limit, int datasize,
+hashtable_create(int hashsize, int limit,
uint32_t (*hash)(const void *data,
const struct hashtable *table),
int (*compare)(const void *data1, const void *data2));
void hashtable_destroy(struct hashtable *h);
-
-void *hashtable_add(struct hashtable *table, void *data);
-void *hashtable_find(struct hashtable *table, const void *data);
-int hashtable_del(struct hashtable *table, void *data);
+int hashtable_hash(const struct hashtable *table, const void *data);
+struct hashtable_node *hashtable_find(const struct hashtable *table, const void *data, int id);
+int hashtable_add(struct hashtable *table, struct hashtable_node *n, int id);
+void hashtable_del(struct hashtable *table, struct hashtable_node *node);
int hashtable_flush(struct hashtable *table);
int hashtable_iterate(struct hashtable *table, void *data,
- int (*iterate)(void *data1, void *data2));
+ int (*iterate)(void *data, struct hashtable_node *n));
unsigned int hashtable_counter(const struct hashtable *table);
#endif
diff --git a/include/network.h b/include/network.h
index 40bb2b2..619ce3e 100644
--- a/include/network.h
+++ b/include/network.h
@@ -75,7 +75,6 @@ enum {
__hdr; \
})
-struct us_conntrack;
struct mcast_sock;
enum {
diff --git a/include/slist.h b/include/slist.h
deleted file mode 100644
index 257b627..0000000
--- a/include/slist.h
+++ /dev/null
@@ -1,41 +0,0 @@
-#ifndef _SLIST_H_
-#define _SLIST_H_
-
-#include "linux_list.h"
-
-#define INIT_SLIST_HEAD(ptr) ((ptr).next = NULL)
-
-struct slist_head {
- struct slist_head *next;
-};
-
-static inline int slist_empty(const struct slist_head *h)
-{
- return !h->next;
-}
-
-static inline void slist_del(struct slist_head *t, struct slist_head *prev)
-{
- prev->next = t->next;
- t->next = LIST_POISON1;
-}
-
-static inline void slist_add(struct slist_head *head, struct slist_head *t)
-{
- struct slist_head *tmp = head->next;
- head->next = t;
- t->next = tmp;
-}
-
-#define slist_entry(ptr, type, member) container_of(ptr,type,member)
-
-#define slist_for_each(pos, head) \
- for (pos = (head)->next; pos; \
- pos = pos->next)
-
-#define slist_for_each_safe(pos, prev, next, head) \
- for (pos = (head)->next, prev = (head); \
- pos && ({ next = pos->next; 1; }); \
- ({ prev = (prev->next != next) ? prev->next : prev; }), pos = next)
-
-#endif
diff --git a/include/sync.h b/include/sync.h
index fc06c93..60c9fae 100644
--- a/include/sync.h
+++ b/include/sync.h
@@ -2,7 +2,7 @@
#define _SYNC_HOOKS_H_
struct nethdr;
-struct us_conntrack;
+struct cache_object;
struct sync_mode {
int internal_cache_flags;
@@ -14,7 +14,7 @@ struct sync_mode {
void (*kill)(void);
int (*local)(int fd, int type, void *data);
int (*recv)(const struct nethdr *net);
- void (*send)(struct nethdr *net, struct us_conntrack *u);
+ void (*send)(struct nethdr *net, struct cache_object *obj);
void (*run)(void);
};
diff --git a/include/us-conntrack.h b/include/us-conntrack.h
deleted file mode 100644
index 9eafa3b..0000000
--- a/include/us-conntrack.h
+++ /dev/null
@@ -1,14 +0,0 @@
-#ifndef _US_CONNTRACK_H_
-#define _US_CONNTRACK_H_
-
-#include "alarm.h"
-#include <libnetfilter_conntrack/libnetfilter_conntrack.h>
-
-struct us_conntrack {
- struct nf_conntrack *ct;
- struct cache *cache;
- struct alarm_block alarm;
- char data[0];
-};
-
-#endif
diff --git a/src/cache.c b/src/cache.c
index 553dddf..621a3f4 100644
--- a/src/cache.c
+++ b/src/cache.c
@@ -1,5 +1,5 @@
/*
- * (C) 2006-2007 by Pablo Neira Ayuso <pablo@netfilter.org>
+ * (C) 2006-2009 by Pablo Neira Ayuso <pablo@netfilter.org>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -20,7 +20,6 @@
#include "jhash.h"
#include "hash.h"
#include "log.h"
-#include "us-conntrack.h"
#include "conntrackd.h"
#include <libnetfilter_conntrack/libnetfilter_conntrack.h>
@@ -68,14 +67,14 @@ __hash6(const struct nf_conntrack *ct, const struct hashtable *table)
static uint32_t hash(const void *data, const struct hashtable *table)
{
int ret = 0;
- const struct us_conntrack *u = data;
+ const struct nf_conntrack *ct = data;
- switch(nfct_get_attr_u8(u->ct, ATTR_L3PROTO)) {
+ switch(nfct_get_attr_u8(ct, ATTR_L3PROTO)) {
case AF_INET:
- ret = __hash4(u->ct, table);
+ ret = __hash4(ct, table);
break;
case AF_INET6:
- ret = __hash6(u->ct, table);
+ ret = __hash6(ct, table);
break;
default:
dlog(LOG_ERR, "unknown layer 3 proto in hash");
@@ -87,10 +86,10 @@ static uint32_t hash(const void *data, const struct hashtable *table)
static int compare(const void *data1, const void *data2)
{
- const struct us_conntrack *u1 = data1;
- const struct us_conntrack *u2 = data2;
+ const struct cache_object *obj = data1;
+ const struct nf_conntrack *ct = data2;
- return nfct_cmp(u1->ct, u2->ct, NFCT_CMP_ORIG);
+ return nfct_cmp(obj->ct, ct, NFCT_CMP_ORIG);
}
struct cache_feature *cache_feature[CACHE_MAX_FEATURE] = {
@@ -103,7 +102,7 @@ struct cache *cache_create(const char *name,
unsigned int features,
struct cache_extra *extra)
{
- size_t size = sizeof(struct us_conntrack);
+ size_t size = sizeof(struct cache_object);
int i, j = 0;
struct cache *c;
struct cache_feature *feature_array[CACHE_MAX_FEATURE] = {};
@@ -152,7 +151,6 @@ struct cache *cache_create(const char *name,
c->h = hashtable_create(CONFIG(hashsize),
CONFIG(limit),
- size,
hash,
compare);
@@ -162,6 +160,7 @@ struct cache *cache_create(const char *name,
free(c);
return NULL;
}
+ c->object_size = size;
return c;
}
@@ -177,225 +176,165 @@ void cache_destroy(struct cache *c)
static void __del_timeout(struct alarm_block *a, void *data);
-static struct us_conntrack *__add(struct cache *c, struct nf_conntrack *ct)
+struct cache_object *cache_object_new(struct cache *c, struct nf_conntrack *ct)
{
- unsigned i;
- size_t size = c->h->datasize;
- char buf[size];
- struct us_conntrack *u = (struct us_conntrack *) buf;
- struct nf_conntrack *newct;
+ struct cache_object *obj;
- memset(u, 0, size);
+ obj = calloc(c->object_size, 1);
+ if (obj == NULL) {
+ errno = ENOMEM;
+ c->stats.add_fail_enomem++;
+ return NULL;
+ }
+ obj->cache = c;
+ init_alarm(&obj->alarm, obj, __del_timeout);
- u->cache = c;
- if ((u->ct = newct = nfct_new()) == NULL) {
+ if ((obj->ct = nfct_new()) == NULL) {
+ free(obj);
errno = ENOMEM;
- return 0;
+ c->stats.add_fail_enomem++;
+ return NULL;
}
- memcpy(u->ct, ct, nfct_sizeof(ct));
+ memcpy(obj->ct, ct, nfct_sizeof(ct));
- u = hashtable_add(c->h, u);
- if (u) {
- char *data = u->data;
+ return obj;
+}
- init_alarm(&u->alarm, u, __del_timeout);
+void cache_object_free(struct cache_object *obj)
+{
+ nfct_destroy(obj->ct);
+ free(obj);
+}
- for (i = 0; i < c->num_features; i++) {
- c->features[i]->add(u, data);
- data += c->features[i]->size;
- }
+static int __add(struct cache *c, struct cache_object *obj, int id)
+{
+ int ret;
+ unsigned int i;
+ char *data = obj->data;
- if (c->extra && c->extra->add)
- c->extra->add(u, ((char *) u) + c->extra_offset);
+ ret = hashtable_add(c->h, &obj->hashnode, id);
+ if (ret == -1)
+ return -1;
- c->stats.active++;
- return u;
+ for (i = 0; i < c->num_features; i++) {
+ c->features[i]->add(obj, data);
+ data += c->features[i]->size;
}
- free(newct);
- return NULL;
+ if (c->extra && c->extra->add)
+ c->extra->add(obj, ((char *) obj) + c->extra_offset);
+
+ c->stats.active++;
+ return 0;
}
-struct us_conntrack *cache_add(struct cache *c, struct nf_conntrack *ct)
+int cache_add(struct cache *c, struct cache_object *obj, int id)
{
- struct us_conntrack *u;
+ int ret;
- u = __add(c, ct);
- if (u) {
- c->stats.add_ok++;
- return u;
- }
- if (errno != EEXIST) {
+ ret = __add(c, obj, id);
+ if (ret == -1) {
c->stats.add_fail++;
if (errno == ENOSPC)
c->stats.add_fail_enospc++;
- if (errno == ENOMEM)
- c->stats.add_fail_enomem++;
+ return -1;
}
-
- return NULL;
+ c->stats.add_ok++;
+ return 0;
}
-static void
-__cache_update(struct cache *c, struct us_conntrack *u, struct nf_conntrack *ct)
+void cache_update(struct cache *c, struct cache_object *obj, int id,
+ struct nf_conntrack *ct)
{
- unsigned i;
- char *data = u->data;
+ char *data = obj->data;
+ unsigned int i;
- nfct_copy(u->ct, ct, NFCT_CP_META);
+ nfct_copy(obj->ct, ct, NFCT_CP_META);
for (i = 0; i < c->num_features; i++) {
- c->features[i]->update(u, data);
+ c->features[i]->update(obj, data);
data += c->features[i]->size;
}
if (c->extra && c->extra->update)
- c->extra->update(u, ((char *) u) + c->extra_offset);
-}
-
-static struct us_conntrack *__update(struct cache *c, struct nf_conntrack *ct)
-{
- size_t size = c->h->datasize;
- char buf[size];
- struct us_conntrack *u = (struct us_conntrack *) buf;
-
- u->ct = ct;
-
- u = (struct us_conntrack *) hashtable_find(c->h, u);
- if (u) {
- __cache_update(c, u, ct);
- return u;
- }
- return NULL;
-}
+ c->extra->update(obj, ((char *) obj) + c->extra_offset);
-struct us_conntrack *cache_update(struct cache *c, struct nf_conntrack *ct)
-{
- struct us_conntrack *u;
-
- u = __update(c, ct);
- if (u) {
- c->stats.upd_ok++;
- return u;
- }
- c->stats.upd_fail++;
- if (errno == ENOENT)
- c->stats.upd_fail_enoent++;
-
- return NULL;
+ c->stats.upd_ok++;
}
-static void __del(struct cache *c, struct us_conntrack *u)
+static void __del(struct cache *c, struct cache_object *obj)
{
unsigned i;
- char *data = u->data;
- struct nf_conntrack *p = u->ct;
+ char *data = obj->data;
for (i = 0; i < c->num_features; i++) {
- c->features[i]->destroy(u, data);
+ c->features[i]->destroy(obj, data);
data += c->features[i]->size;
}
if (c->extra && c->extra->destroy)
- c->extra->destroy(u, ((char *) u) + c->extra_offset);
+ c->extra->destroy(obj, ((char *) obj) + c->extra_offset);
- hashtable_del(c->h, u);
- free(p);
+ hashtable_del(c->h, &obj->hashnode);
}
-static void __cache_del(struct cache *c, struct us_conntrack *u)
+void cache_del(struct cache *c, struct cache_object *obj)
{
/*
* Do not increase stats if we are trying to
* kill an entry was previously deleted via
* __cache_del_timer.
*/
- if (!alarm_pending(&u->alarm)) {
+ if (!alarm_pending(&obj->alarm)) {
c->stats.del_ok++;
c->stats.active--;
}
- del_alarm(&u->alarm);
- __del(c, u);
+ del_alarm(&obj->alarm);
+ __del(c, obj);
}
-struct us_conntrack *cache_update_force(struct cache *c,
- struct nf_conntrack *ct)
+struct cache_object *
+cache_update_force(struct cache *c, struct nf_conntrack *ct)
{
- struct us_conntrack *u;
-
- u = cache_find(c, ct);
- if (u) {
- if (!alarm_pending(&u->alarm)) {
- c->stats.upd_ok++;
- __cache_update(c, u, ct);
- return u;
+ struct cache_object *obj;
+ int id;
+
+ obj = cache_find(c, ct, &id);
+ if (obj) {
+ if (!alarm_pending(&obj->alarm)) {
+ cache_update(c, obj, id, ct);
+ return obj;
} else {
- __cache_del(c, u);
+ cache_del(c, obj);
+ cache_object_free(obj);
}
}
- if ((u = __add(c, ct)) != NULL) {
- c->stats.add_ok++;
- return u;
- }
- c->stats.add_fail++;
- if (errno == ENOSPC)
- c->stats.add_fail_enospc++;
- if (errno == ENOMEM)
- c->stats.add_fail_enomem++;
-
- return NULL;
-}
-
-int cache_test(struct cache *c, struct nf_conntrack *ct)
-{
- size_t size = c->h->datasize;
- char buf[size];
- struct us_conntrack *u = (struct us_conntrack *) buf;
- void *ret;
-
- u->ct = ct;
-
- ret = hashtable_find(c->h, u);
-
- return ret != NULL;
-}
-
-int cache_del(struct cache *c, struct nf_conntrack *ct)
-{
- size_t size = c->h->datasize;
- char buf[size];
- struct us_conntrack *u = (struct us_conntrack *) buf;
-
- u->ct = ct;
+ obj = cache_object_new(c, ct);
+ if (obj == NULL)
+ return NULL;
- u = (struct us_conntrack *) hashtable_find(c->h, u);
- if (u) {
- __cache_del(c, u);
- return 1;
- }
- c->stats.del_fail++;
- if (errno == ENOENT)
- c->stats.del_fail_enoent++;
+ if (cache_add(c, obj, id) == -1)
+ return NULL;
- return 0;
+ return obj;
}
static void __del_timeout(struct alarm_block *a, void *data)
{
- struct us_conntrack *u = (struct us_conntrack *) data;
-
- __del(u->cache, u);
+ struct cache_object *obj = (struct cache_object *) data;
+ __del(obj->cache, obj);
+ cache_object_free(obj);
}
-int
-__cache_del_timer(struct cache *c, struct us_conntrack *u, int timeout)
+int cache_del_timer(struct cache *c, struct cache_object *obj, int timeout)
{
if (timeout <= 0) {
- __cache_del(c, u);
+ cache_del(c, obj);
+ cache_object_free(obj);
return 1;
}
- if (!alarm_pending(&u->alarm)) {
- add_alarm(&u->alarm, timeout, 0);
+ if (!alarm_pending(&obj->alarm)) {
+ add_alarm(&obj->alarm, timeout, 0);
/*
* increase stats even if this entry was not really
* removed yet. We do not want to make people think
@@ -409,20 +348,16 @@ __cache_del_timer(struct cache *c, struct us_conntrack *u, int timeout)
return 0;
}
-struct us_conntrack *cache_find(struct cache *c, struct nf_conntrack *ct)
+struct cache_object *
+cache_find(struct cache *c, struct nf_conntrack *ct, int *id)
{
- size_t size = c->h->datasize;
- char buf[size];
- struct us_conntrack *u = (struct us_conntrack *) buf;
-
- u->ct = ct;
-
- return ((struct us_conntrack *) hashtable_find(c->h, u));
+ *id = hashtable_hash(c->h, ct);
+ return ((struct cache_object *) hashtable_find(c->h, ct, *id));
}
-struct us_conntrack *cache_get_conntrack(struct cache *c, void *data)
+struct cache_object *cache_data_get_object(struct cache *c, void *data)
{
- return (struct us_conntrack *)((char*)data - c->extra_offset);
+ return (struct cache_object *)((char*)data - c->extra_offset);
}
void *cache_get_extra(struct cache *c, void *data)
diff --git a/src/cache_iterators.c b/src/cache_iterators.c
index a14f428..4773889 100644
--- a/src/cache_iterators.c
+++ b/src/cache_iterators.c
@@ -21,7 +21,6 @@
#include "log.h"
#include "conntrackd.h"
#include "netlink.h"
-#include "us-conntrack.h"
#include <libnetfilter_conntrack/libnetfilter_conntrack.h>
#include <sched.h>
@@ -33,13 +32,13 @@ struct __dump_container {
int type;
};
-static int do_dump(void *data1, void *data2)
+static int do_dump(void *data1, struct hashtable_node *n)
{
char buf[1024];
int size;
struct __dump_container *container = data1;
- struct us_conntrack *u = data2;
- char *data = u->data;
+ struct cache_object *obj = (struct cache_object *)n;
+ char *data = obj->data;
unsigned i;
/*
@@ -52,28 +51,28 @@ static int do_dump(void *data1, void *data2)
* specific and it breaks conntrackd modularity. Probably
* there's a nicer way to do this but until I come up with it...
*/
- if (CONFIG(flags) & CTD_SYNC_FTFW && alarm_pending(&u->alarm))
+ if (CONFIG(flags) & CTD_SYNC_FTFW && alarm_pending(&obj->alarm))
return 0;
/* do not show cached timeout, this may confuse users */
- if (nfct_attr_is_set(u->ct, ATTR_TIMEOUT))
- nfct_attr_unset(u->ct, ATTR_TIMEOUT);
+ if (nfct_attr_is_set(obj->ct, ATTR_TIMEOUT))
+ nfct_attr_unset(obj->ct, ATTR_TIMEOUT);
memset(buf, 0, sizeof(buf));
size = nfct_snprintf(buf,
sizeof(buf),
- u->ct,
+ obj->ct,
NFCT_T_UNKNOWN,
container->type,
0);
- for (i = 0; i < u->cache->num_features; i++) {
- if (u->cache->features[i]->dump) {
- size += u->cache->features[i]->dump(u,
- data,
- buf+size,
- container->type);
- data += u->cache->features[i]->size;
+ for (i = 0; i < obj->cache->num_features; i++) {
+ if (obj->cache->features[i]->dump) {
+ size += obj->cache->features[i]->dump(obj,
+ data,
+ buf+size,
+ container->type);
+ data += obj->cache->features[i]->size;
}
}
size += sprintf(buf+size, "\n");
@@ -101,10 +100,10 @@ struct __commit_container {
};
static void
-__do_commit_step(struct __commit_container *tmp, struct us_conntrack *u)
+__do_commit_step(struct __commit_container *tmp, struct cache_object *obj)
{
int ret, retry = 1;
- struct nf_conntrack *ct = u->ct;
+ struct nf_conntrack *ct = obj->ct;
/*
* Set a reduced timeout for candidate-to-be-committed
@@ -166,25 +165,25 @@ try_again:
}
}
-static int do_commit_related(void *data1, void *data2)
+static int do_commit_related(void *data, struct hashtable_node *n)
{
- struct us_conntrack *u = data2;
+ struct cache_object *obj = (struct cache_object *)n;
- if (ct_is_related(u->ct))
- __do_commit_step(data1, u);
+ if (ct_is_related(obj->ct))
+ __do_commit_step(data, obj);
/* keep iterating even if we have found errors */
return 0;
}
-static int do_commit_master(void *data1, void *data2)
+static int do_commit_master(void *data, struct hashtable_node *n)
{
- struct us_conntrack *u = data2;
+ struct cache_object *obj = (struct cache_object *)n;
- if (ct_is_related(u->ct))
+ if (ct_is_related(obj->ct))
return 0;
- __do_commit_step(data1, u);
+ __do_commit_step(data, obj);
return 0;
}
@@ -231,13 +230,13 @@ void cache_commit(struct cache *c)
res.tv_sec, res.tv_usec);
}
-static int do_reset_timers(void *data1, void *data2)
+static int do_reset_timers(void *data1, struct hashtable_node *n)
{
int ret;
u_int32_t current_timeout;
struct nfct_handle *h = data1;
- struct us_conntrack *u = data2;
- struct nf_conntrack *ct = u->ct;
+ struct cache_object *obj = (struct cache_object *)n;
+ struct nf_conntrack *ct = obj->ct;
char __tmp[nfct_maxsize()];
struct nf_conntrack *tmp = (struct nf_conntrack *) (void *)__tmp;
@@ -286,13 +285,13 @@ void cache_reset_timers(struct cache *c)
nfct_close(h);
}
-static int do_flush(void *data1, void *data2)
+static int do_flush(void *data, struct hashtable_node *n)
{
- struct cache *c = data1;
- struct us_conntrack *u = data2;
-
- cache_del(c, u->ct);
+ struct cache *c = data;
+ struct cache_object *obj = (struct cache_object *)n;
+ cache_del(c, obj);
+ cache_object_free(obj);
return 0;
}
diff --git a/src/cache_lifetime.c b/src/cache_lifetime.c
index ad3416a..639d8c1 100644
--- a/src/cache_lifetime.c
+++ b/src/cache_lifetime.c
@@ -17,12 +17,12 @@
*/
#include <stdio.h>
-#include "us-conntrack.h"
#include "cache.h"
#include <sys/time.h>
#include <time.h>
+#include <libnetfilter_conntrack/libnetfilter_conntrack.h>
-static void lifetime_add(struct us_conntrack *u, void *data)
+static void lifetime_add(struct cache_object *obj, void *data)
{
long *lifetime = data;
struct timeval tv;
@@ -32,15 +32,15 @@ static void lifetime_add(struct us_conntrack *u, void *data)
*lifetime = tv.tv_sec;
}
-static void lifetime_update(struct us_conntrack *u, void *data)
+static void lifetime_update(struct cache_object *obj, void *data)
{
}
-static void lifetime_destroy(struct us_conntrack *u, void *data)
+static void lifetime_destroy(struct cache_object *obj, void *data)
{
}
-static int lifetime_dump(struct us_conntrack *u,
+static int lifetime_dump(struct cache_object *obj,
void *data,
char *buf,
int type)
diff --git a/src/cache_timer.c b/src/cache_timer.c
index 44482b7..a9e3e3d 100644
--- a/src/cache_timer.c
+++ b/src/cache_timer.c
@@ -18,7 +18,6 @@
#include "cache.h"
#include "conntrackd.h"
-#include "us-conntrack.h"
#include "alarm.h"
#include "debug.h"
@@ -26,45 +25,46 @@
static void timeout(struct alarm_block *a, void *data)
{
- struct us_conntrack *u = data;
+ struct cache_object *obj = data;
- debug_ct(u->ct, "expired timeout");
- cache_del(u->cache, u->ct);
+ debug_ct(obj->ct, "expired timeout");
+ cache_del(obj->cache, obj);
+ cache_object_free(obj);
}
-static void timer_add(struct us_conntrack *u, void *data)
+static void timer_add(struct cache_object *obj, void *data)
{
- struct alarm_block *alarm = data;
+ struct alarm_block *a = data;
- init_alarm(alarm, u, timeout);
- add_alarm(alarm, CONFIG(cache_timeout), 0);
+ init_alarm(a, obj, timeout);
+ add_alarm(a, CONFIG(cache_timeout), 0);
}
-static void timer_update(struct us_conntrack *u, void *data)
+static void timer_update(struct cache_object *obj, void *data)
{
- struct alarm_block *alarm = data;
- add_alarm(alarm, CONFIG(cache_timeout), 0);
+ struct alarm_block *a = data;
+ add_alarm(a, CONFIG(cache_timeout), 0);
}
-static void timer_destroy(struct us_conntrack *u, void *data)
+static void timer_destroy(struct cache_object *obj, void *data)
{
- struct alarm_block *alarm = data;
- del_alarm(alarm);
+ struct alarm_block *a = data;
+ del_alarm(a);
}
-static int timer_dump(struct us_conntrack *u, void *data, char *buf, int type)
+static int timer_dump(struct cache_object *obj, void *data, char *buf, int type)
{
struct timeval tv, tmp;
- struct alarm_block *alarm = data;
+ struct alarm_block *a = data;
if (type == NFCT_O_XML)
return 0;
- if (!alarm_pending(alarm))
+ if (!alarm_pending(a))
return 0;
gettimeofday(&tv, NULL);
- timersub(&alarm->tv, &tv, &tmp);
+ timersub(&a->tv, &tv, &tmp);
return sprintf(buf, " [expires in %lds]", tmp.tv_sec);
}
diff --git a/src/cache_wt.c b/src/cache_wt.c
index d0ae8bb..84a816f 100644
--- a/src/cache_wt.c
+++ b/src/cache_wt.c
@@ -19,67 +19,66 @@
#include "conntrackd.h"
#include "cache.h"
#include "netlink.h"
-#include "us-conntrack.h"
#include "log.h"
#include <string.h>
#include <errno.h>
-static void add_wt(struct us_conntrack *u)
+static void add_wt(struct cache_object *obj)
{
int ret;
char __ct[nfct_maxsize()];
struct nf_conntrack *ct = (struct nf_conntrack *)(void*) __ct;
- ret = nl_exist_conntrack(STATE(request), u->ct);
+ ret = nl_exist_conntrack(STATE(request), obj->ct);
switch (ret) {
case -1:
dlog(LOG_ERR, "cache_wt problem: %s", strerror(errno));
- dlog_ct(STATE(log), u->ct, NFCT_O_PLAIN);
+ dlog_ct(STATE(log), obj->ct, NFCT_O_PLAIN);
break;
case 0:
- memcpy(ct, u->ct, nfct_maxsize());
+ memcpy(ct, obj->ct, nfct_maxsize());
if (nl_create_conntrack(STATE(dump), ct) == -1) {
dlog(LOG_ERR, "cache_wt create: %s", strerror(errno));
- dlog_ct(STATE(log), u->ct, NFCT_O_PLAIN);
+ dlog_ct(STATE(log), obj->ct, NFCT_O_PLAIN);
}
break;
case 1:
- memcpy(ct, u->ct, nfct_maxsize());
+ memcpy(ct, obj->ct, nfct_maxsize());
if (nl_update_conntrack(STATE(dump), ct) == -1) {
dlog(LOG_ERR, "cache_wt crt-upd: %s", strerror(errno));
- dlog_ct(STATE(log), u->ct, NFCT_O_PLAIN);
+ dlog_ct(STATE(log), obj->ct, NFCT_O_PLAIN);
}
break;
}
}
-static void upd_wt(struct us_conntrack *u)
+static void upd_wt(struct cache_object *obj)
{
char __ct[nfct_maxsize()];
struct nf_conntrack *ct = (struct nf_conntrack *)(void*) __ct;
- memcpy(ct, u->ct, nfct_maxsize());
+ memcpy(ct, obj->ct, nfct_maxsize());
if (nl_update_conntrack(STATE(dump), ct) == -1) {
dlog(LOG_ERR, "cache_wt update:%s", strerror(errno));
- dlog_ct(STATE(log), u->ct, NFCT_O_PLAIN);
+ dlog_ct(STATE(log), obj->ct, NFCT_O_PLAIN);
}
}
-static void writethrough_add(struct us_conntrack *u, void *data)
+static void writethrough_add(struct cache_object *obj, void *data)
{
- add_wt(u);
+ add_wt(obj);
}
-static void writethrough_update(struct us_conntrack *u, void *data)
+static void writethrough_update(struct cache_object *obj, void *data)
{
- upd_wt(u);
+ upd_wt(obj);
}
-static void writethrough_destroy(struct us_conntrack *u, void *data)
+static void writethrough_destroy(struct cache_object *obj, void *data)
{
- nl_destroy_conntrack(STATE(dump), u->ct);
+ nl_destroy_conntrack(STATE(dump), obj->ct);
}
struct cache_feature writethrough_feature = {
diff --git a/src/filter.c b/src/filter.c
index c6e24a9..6a09c77 100644
--- a/src/filter.c
+++ b/src/filter.c
@@ -58,15 +58,17 @@ static uint32_t ct_filter_hash6(const void *data, const struct hashtable *table)
static int ct_filter_compare(const void *data1, const void *data2)
{
- const uint32_t *f1 = data1;
+ const struct ct_filter_ipv4_hnode *f1 = data1;
const uint32_t *f2 = data2;
- return *f1 == *f2;
+ return f1->ip == *f2;
}
static int ct_filter_compare6(const void *data1, const void *data2)
{
- return memcmp(data1, data2, sizeof(uint32_t)*4) == 0;
+ const struct ct_filter_ipv6_hnode *f = data1;
+
+ return memcmp(f->ipv6, data2, sizeof(uint32_t)*4) == 0;
}
struct ct_filter *ct_filter_create(void)
@@ -80,7 +82,6 @@ struct ct_filter *ct_filter_create(void)
filter->h = hashtable_create(FILTER_POOL_SIZE,
FILTER_POOL_LIMIT,
- sizeof(uint32_t),
ct_filter_hash,
ct_filter_compare);
if (!filter->h) {
@@ -90,7 +91,6 @@ struct ct_filter *ct_filter_create(void)
filter->h6 = hashtable_create(FILTER_POOL_SIZE,
FILTER_POOL_LIMIT,
- sizeof(uint32_t)*4,
ct_filter_hash6,
ct_filter_compare6);
if (!filter->h6) {
@@ -155,16 +155,33 @@ void ct_filter_set_logic(struct ct_filter *filter,
int ct_filter_add_ip(struct ct_filter *filter, void *data, uint8_t family)
{
+ int id;
filter = __filter_alloc(filter);
switch(family) {
case AF_INET:
- if (!hashtable_add(filter->h, data))
+ id = hashtable_hash(filter->h, data);
+ if (!hashtable_find(filter->h, data, id)) {
+ struct ct_filter_ipv4_hnode *n;
+ n = malloc(sizeof(struct ct_filter_ipv4_hnode));
+ if (n == NULL)
+ return 0;
+ memcpy(&n->ip, data, sizeof(uint32_t));
+ hashtable_add(filter->h, &n->node, id);
return 0;
+ }
break;
case AF_INET6:
- if (!hashtable_add(filter->h6, data))
+ id = hashtable_hash(filter->h6, data);
+ if (!hashtable_find(filter->h6, data, id)) {
+ struct ct_filter_ipv6_hnode *n;
+ n = malloc(sizeof(struct ct_filter_ipv6_hnode));
+ if (n == NULL)
+ return 0;
+ memcpy(n->ipv6, data, sizeof(uint32_t)*4);
+ hashtable_add(filter->h6, &n->node, id);
return 0;
+ }
break;
}
return 1;
@@ -220,16 +237,34 @@ void ct_filter_add_state(struct ct_filter *f, int protonum, int val)
static inline int
__ct_filter_test_ipv4(struct ct_filter *f, struct nf_conntrack *ct)
{
+ int id_src, id_dst;
+ uint32_t src, dst;
+
/* we only use the real source and destination address */
- return (hashtable_find(f->h, nfct_get_attr(ct, ATTR_ORIG_IPV4_SRC)) ||
- hashtable_find(f->h, nfct_get_attr(ct, ATTR_REPL_IPV4_SRC)));
+ src = nfct_get_attr_u32(ct, ATTR_ORIG_IPV4_SRC);
+ dst = nfct_get_attr_u32(ct, ATTR_REPL_IPV4_SRC);
+
+ id_src = hashtable_hash(f->h, &src);
+ id_dst = hashtable_hash(f->h, &dst);
+
+ return hashtable_find(f->h, &src, id_src) ||
+ hashtable_find(f->h, &dst, id_dst);
}
static inline int
__ct_filter_test_ipv6(struct ct_filter *f, struct nf_conntrack *ct)
{
- return (hashtable_find(f->h6, nfct_get_attr(ct, ATTR_ORIG_IPV6_SRC)) ||
- hashtable_find(f->h6, nfct_get_attr(ct, ATTR_REPL_IPV6_SRC)));
+ int id_src, id_dst;
+ const uint32_t *src, *dst;
+
+ src = nfct_get_attr(ct, ATTR_ORIG_IPV6_SRC);
+ dst = nfct_get_attr(ct, ATTR_REPL_IPV6_SRC);
+
+ id_src = hashtable_hash(f->h6, src);
+ id_dst = hashtable_hash(f->h6, dst);
+
+ return hashtable_find(f->h6, src, id_src) ||
+ hashtable_find(f->h6, dst, id_dst);
}
static int
diff --git a/src/hash.c b/src/hash.c
index 1edb977..9c9ea5b 100644
--- a/src/hash.c
+++ b/src/hash.c
@@ -1,5 +1,5 @@
/*
- * (C) 2006-2007 by Pablo Neira Ayuso <pablo@netfilter.org>
+ * (C) 2006-2009 by Pablo Neira Ayuso <pablo@netfilter.org>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -19,32 +19,13 @@
*/
#include "hash.h"
-#include "slist.h"
#include <errno.h>
#include <stdlib.h>
#include <string.h>
-struct hashtable_node *hashtable_alloc_node(int datasize, void *data)
-{
- struct hashtable_node *n;
- int size = sizeof(struct hashtable_node) + datasize;
-
- n = calloc(size, 1);
- if (n == NULL)
- return NULL;
- memcpy(n->data, data, datasize);
-
- return n;
-}
-
-void hashtable_destroy_node(struct hashtable_node *h)
-{
- free(h);
-}
-
struct hashtable *
-hashtable_create(int hashsize, int limit, int datasize,
+hashtable_create(int hashsize, int limit,
uint32_t (*hash)(const void *data,
const struct hashtable *table),
int (*compare)(const void *data1, const void *data2))
@@ -52,7 +33,7 @@ hashtable_create(int hashsize, int limit, int datasize,
int i;
struct hashtable *h;
int size = sizeof(struct hashtable)
- + hashsize * sizeof(struct slist_head);
+ + hashsize * sizeof(struct list_head);
h = (struct hashtable *) calloc(size, 1);
if (h == NULL) {
@@ -61,11 +42,10 @@ hashtable_create(int hashsize, int limit, int datasize,
}
for (i=0; i<hashsize; i++)
- INIT_SLIST_HEAD(h->members[i]);
+ INIT_LIST_HEAD(&h->members[i]);
h->hashsize = hashsize;
h->limit = limit;
- h->datasize = datasize;
h->hash = hash;
h->compare = compare;
@@ -74,112 +54,74 @@ hashtable_create(int hashsize, int limit, int datasize,
void hashtable_destroy(struct hashtable *h)
{
- hashtable_flush(h);
free(h);
}
-void *hashtable_add(struct hashtable *table, void *data)
+int hashtable_hash(const struct hashtable *table, const void *data)
{
- struct slist_head *e;
- struct hashtable_node *n;
- uint32_t id;
-
- /* hash table is full */
- if (table->count >= table->limit) {
- errno = ENOSPC;
- return NULL;
- }
-
- id = table->hash(data, table);
-
- slist_for_each(e, &table->members[id]) {
- n = slist_entry(e, struct hashtable_node, head);
- if (table->compare(n->data, data)) {
- errno = EEXIST;
- return NULL;
- }
- }
-
- n = hashtable_alloc_node(table->datasize, data);
- if (n == NULL) {
- errno = ENOMEM;
- return NULL;
- }
-
- slist_add(&table->members[id], &n->head);
- table->count++;
-
- return n->data;
+ return table->hash(data, table);
}
-void *hashtable_find(struct hashtable *table, const void *data)
+struct hashtable_node *
+hashtable_find(const struct hashtable *table, const void *data, int id)
{
- struct slist_head *e;
- uint32_t id;
+ struct list_head *e;
struct hashtable_node *n;
- id = table->hash(data, table);
-
- slist_for_each(e, &table->members[id]) {
- n = slist_entry(e, struct hashtable_node, head);
- if (table->compare(n->data, data))
- return n->data;
+ list_for_each(e, &table->members[id]) {
+ n = list_entry(e, struct hashtable_node, head);
+ if (table->compare(n, data)) {
+ return n;
+ }
}
-
errno = ENOENT;
return NULL;
}
-int hashtable_del(struct hashtable *table, void *data)
+int hashtable_add(struct hashtable *table, struct hashtable_node *n, int id)
{
- struct slist_head *e, *next, *prev;
- uint32_t id;
- struct hashtable_node *n;
-
- id = table->hash(data, table);
-
- slist_for_each_safe(e, prev, next, &table->members[id]) {
- n = slist_entry(e, struct hashtable_node, head);
- if (table->compare(n->data, data)) {
- slist_del(e, prev);
- hashtable_destroy_node(n);
- table->count--;
- return 0;
- }
+ /* hash table is full */
+ if (table->count >= table->limit) {
+ errno = ENOSPC;
+ return -1;
}
- errno = ENOENT;
- return -1;
+ list_add(&n->head, &table->members[id]);
+ table->count++;
+ return 0;
+}
+
+void hashtable_del(struct hashtable *table, struct hashtable_node *n)
+{
+ list_del(&n->head);
+ table->count--;
}
int hashtable_flush(struct hashtable *table)
{
uint32_t i;
- struct slist_head *e, *next, *prev;
+ struct list_head *e, *tmp;
struct hashtable_node *n;
- for (i=0; i < table->hashsize; i++)
- slist_for_each_safe(e, prev, next, &table->members[i]) {
- n = slist_entry(e, struct hashtable_node, head);
- slist_del(e, prev);
- hashtable_destroy_node(n);
+ for (i=0; i < table->hashsize; i++) {
+ list_for_each_safe(e, tmp, &table->members[i]) {
+ n = list_entry(e, struct hashtable_node, head);
+ free(n);
}
-
- table->count = 0;
-
+ }
return 0;
}
int hashtable_iterate(struct hashtable *table, void *data,
- int (*iterate)(void *data1, void *data2))
+ int (*iterate)(void *data1, struct hashtable_node *n))
{
uint32_t i;
- struct slist_head *e, *next, *prev;
+ struct list_head *e, *tmp;
struct hashtable_node *n;
for (i=0; i < table->hashsize; i++) {
- slist_for_each_safe(e, prev, next, &table->members[i]) {
- n = slist_entry(e, struct hashtable_node, head);
- if (iterate(data, n->data) == -1)
+ list_for_each_safe(e, tmp, &table->members[i]) {
+ n = list_entry(e, struct hashtable_node, head);
+ if (iterate(data, n) == -1)
return -1;
}
}
diff --git a/src/stats-mode.c b/src/stats-mode.c
index d340b0d..679a50c 100644
--- a/src/stats-mode.c
+++ b/src/stats-mode.c
@@ -22,7 +22,6 @@
#include "cache.h"
#include "log.h"
#include "conntrackd.h"
-#include "us-conntrack.h"
#include <errno.h>
#include <string.h>
@@ -118,9 +117,8 @@ static int overrun_stats(enum nf_conntrack_msg_type type,
nfct_attr_unset(ct, ATTR_REPL_COUNTER_PACKETS);
nfct_attr_unset(ct, ATTR_USE);
- if (!cache_test(STATE_STATS(cache), ct))
- if (!cache_update_force(STATE_STATS(cache), ct))
- debug_ct(ct, "overrun stats resync");
+ if (!cache_update_force(STATE_STATS(cache), ct))
+ debug_ct(ct, "overrun stats resync");
return NFCT_CB_CONTINUE;
}
@@ -128,12 +126,13 @@ static int overrun_stats(enum nf_conntrack_msg_type type,
static int purge_step(void *data1, void *data2)
{
int ret;
- struct us_conntrack *u = data2;
+ struct cache_object *obj = data2;
- ret = nfct_query(STATE(dump), NFCT_Q_GET, u->ct);
+ ret = nfct_query(STATE(dump), NFCT_Q_GET, obj->ct);
if (ret == -1 && errno == ENOENT) {
- debug_ct(u->ct, "overrun purge stats");
- cache_del(STATE_STATS(cache), u->ct);
+ debug_ct(obj->ct, "overrun purge stats");
+ cache_del(STATE_STATS(cache), obj);
+ cache_object_free(obj);
}
return 0;
@@ -148,42 +147,46 @@ static int purge_stats(void)
static void event_new_stats(struct nf_conntrack *ct)
{
+ int id;
+ struct cache_object *obj;
+
nfct_attr_unset(ct, ATTR_TIMEOUT);
- if (cache_add(STATE_STATS(cache), ct)) {
- debug_ct(ct, "cache new");
- } else {
- if (errno != EEXIST) {
- dlog(LOG_ERR,
- "can't add to cache cache: %s\n", strerror(errno));
- debug_ct(ct, "can't add");
+ obj = cache_find(STATE_STATS(cache), ct, &id);
+ if (obj == NULL) {
+ obj = cache_object_new(STATE_STATS(cache), ct);
+ if (obj == NULL)
+ return;
+
+ if (cache_add(STATE_STATS(cache), obj, id) == -1) {
+ cache_object_free(obj);
+ return;
}
}
+ return;
}
static void event_update_stats(struct nf_conntrack *ct)
{
nfct_attr_unset(ct, ATTR_TIMEOUT);
-
- if (!cache_update_force(STATE_STATS(cache), ct)) {
- debug_ct(ct, "can't update");
- return;
- }
- debug_ct(ct, "update");
+ cache_update_force(STATE_STATS(cache), ct);
}
static int event_destroy_stats(struct nf_conntrack *ct)
{
+ int id;
+ struct cache_object *obj;
+
nfct_attr_unset(ct, ATTR_TIMEOUT);
- if (cache_del(STATE_STATS(cache), ct)) {
- debug_ct(ct, "cache destroy");
+ obj = cache_find(STATE_STATS(cache), ct, &id);
+ if (obj) {
+ cache_del(STATE_STATS(cache), obj);
dlog_ct(STATE(stats_log), ct, NFCT_O_PLAIN);
+ cache_object_free(obj);
return 1;
- } else {
- debug_ct(ct, "can't destroy!");
- return 0;
}
+ return 0;
}
struct ct_mode stats_mode = {
diff --git a/src/sync-alarm.c b/src/sync-alarm.c
index d871b75..34937fe 100644
--- a/src/sync-alarm.c
+++ b/src/sync-alarm.c
@@ -19,7 +19,6 @@
#include "conntrackd.h"
#include "sync.h"
#include "network.h"
-#include "us-conntrack.h"
#include "alarm.h"
#include "cache.h"
#include "debug.h"
@@ -30,40 +29,40 @@
static void refresher(struct alarm_block *a, void *data)
{
struct nethdr *net;
- struct us_conntrack *u = data;
+ struct cache_object *obj = data;
- debug_ct(u->ct, "persistence update");
+ debug_ct(obj->ct, "persistence update");
add_alarm(a,
random() % CONFIG(refresh) + 1,
((random() % 5 + 1) * 200000) - 1);
- net = BUILD_NETMSG(u->ct, NET_T_STATE_UPD);
+ net = BUILD_NETMSG(obj->ct, NET_T_STATE_UPD);
mcast_buffered_send_netmsg(STATE_SYNC(mcast_client), net);
}
-static void cache_alarm_add(struct us_conntrack *u, void *data)
+static void cache_alarm_add(struct cache_object *obj, void *data)
{
- struct alarm_block *alarm = data;
+ struct alarm_block *a = data;
- init_alarm(alarm, u, refresher);
- add_alarm(alarm,
+ init_alarm(a, obj, refresher);
+ add_alarm(a,
random() % CONFIG(refresh) + 1,
((random() % 5 + 1) * 200000) - 1);
}
-static void cache_alarm_update(struct us_conntrack *u, void *data)
+static void cache_alarm_update(struct cache_object *obj, void *data)
{
- struct alarm_block *alarm = data;
- add_alarm(alarm,
+ struct alarm_block *a = data;
+ add_alarm(a,
random() % CONFIG(refresh) + 1,
((random() % 5 + 1) * 200000) - 1);
}
-static void cache_alarm_destroy(struct us_conntrack *u, void *data)
+static void cache_alarm_destroy(struct cache_object *obj, void *data)
{
- struct alarm_block *alarm = data;
- del_alarm(alarm);
+ struct alarm_block *a = data;
+ del_alarm(a);
}
static struct cache_extra cache_alarm_extra = {
diff --git a/src/sync-ftfw.c b/src/sync-ftfw.c
index 44e8f2f..bddc18c 100644
--- a/src/sync-ftfw.c
+++ b/src/sync-ftfw.c
@@ -18,7 +18,6 @@
#include "conntrackd.h"
#include "sync.h"
-#include "us-conntrack.h"
#include "queue.h"
#include "debug.h"
#include "network.h"
@@ -64,7 +63,7 @@ struct cache_ftfw {
uint32_t seq;
};
-static void cache_ftfw_add(struct us_conntrack *u, void *data)
+static void cache_ftfw_add(struct cache_object *obj, void *data)
{
struct cache_ftfw *cn = data;
/* These nodes are not inserted in the list */
@@ -72,7 +71,7 @@ static void cache_ftfw_add(struct us_conntrack *u, void *data)
INIT_LIST_HEAD(&cn->tx_list);
}
-static void cache_ftfw_del(struct us_conntrack *u, void *data)
+static void cache_ftfw_del(struct cache_object *obj, void *data)
{
struct cache_ftfw *cn = data;
@@ -190,8 +189,8 @@ static void ftfw_kill(void)
static int do_cache_to_tx(void *data1, void *data2)
{
- struct us_conntrack *u = data2;
- struct cache_ftfw *cn = cache_get_extra(STATE_SYNC(internal), u);
+ struct cache_object *obj = data2;
+ struct cache_ftfw *cn = cache_get_extra(STATE_SYNC(internal), obj);
/* repeated request for resync? */
if (!list_empty(&cn->tx_list))
@@ -226,9 +225,6 @@ static void debug_rs_dump(int fd)
size = sprintf(buf, "resent list (len=%u):\n", rs_list_len);
send(fd, buf, size, 0);
list_for_each_entry_safe(cn, tmp, &rs_list, rs_list) {
- struct us_conntrack *u;
-
- u = cache_get_conntrack(STATE_SYNC(internal), cn);
size = sprintf(buf, "seq:%u\n", cn->seq);
send(fd, buf, size, 0);
}
@@ -305,9 +301,9 @@ static void rs_list_to_tx(struct cache *c, unsigned int from, unsigned int to)
struct cache_ftfw *cn, *tmp;
list_for_each_entry_safe(cn, tmp, &rs_list, rs_list) {
- struct us_conntrack *u;
+ struct cache_object *obj;;
- u = cache_get_conntrack(STATE_SYNC(internal), cn);
+ obj = cache_data_get_object(STATE_SYNC(internal), cn);
if (before(cn->seq, from))
continue;
else if (after(cn->seq, to))
@@ -330,9 +326,9 @@ static void rs_list_empty(struct cache *c, unsigned int from, unsigned int to)
struct cache_ftfw *cn, *tmp;
list_for_each_entry_safe(cn, tmp, &rs_list, rs_list) {
- struct us_conntrack *u;
+ struct cache_object *obj;
- u = cache_get_conntrack(STATE_SYNC(internal), cn);
+ obj = cache_data_get_object(STATE_SYNC(internal), cn);
if (before(cn->seq, from))
continue;
else if (after(cn->seq, to))
@@ -473,7 +469,7 @@ out:
return ret;
}
-static void ftfw_send(struct nethdr *net, struct us_conntrack *u)
+static void ftfw_send(struct nethdr *net, struct cache_object *obj)
{
struct cache_ftfw *cn;
@@ -482,7 +478,7 @@ static void ftfw_send(struct nethdr *net, struct us_conntrack *u)
case NET_T_STATE_UPD:
case NET_T_STATE_DEL:
cn = (struct cache_ftfw *)
- cache_get_extra(STATE_SYNC(internal), u);
+ cache_get_extra(STATE_SYNC(internal), obj);
if (!list_empty(&cn->rs_list)) {
list_del_init(&cn->rs_list);
@@ -538,10 +534,10 @@ static int tx_queue_xmit(void *data1, const void *data2)
return 0;
}
-static int tx_list_xmit(struct list_head *i, struct us_conntrack *u, int type)
+static int tx_list_xmit(struct list_head *i, struct cache_object *obj, int type)
{
int ret;
- struct nethdr *net = BUILD_NETMSG(u->ct, type);
+ struct nethdr *net = BUILD_NETMSG(obj->ct, type);
dp("tx_list sq: %u fl:%u len:%u\n",
ntohl(net->seq), net->flags, ntohs(net->len));
@@ -550,7 +546,7 @@ static int tx_list_xmit(struct list_head *i, struct us_conntrack *u, int type)
tx_list_len--;
ret = mcast_buffered_send_netmsg(STATE_SYNC(mcast_client), net);
- ftfw_send(net, u);
+ ftfw_send(net, obj);
return ret;
}
@@ -564,13 +560,13 @@ static void ftfw_run(void)
/* send conntracks in the tx_list */
list_for_each_entry_safe(cn, tmp, &tx_list, tx_list) {
- struct us_conntrack *u;
+ struct cache_object *obj;
- u = cache_get_conntrack(STATE_SYNC(internal), cn);
- if (alarm_pending(&u->alarm))
- tx_list_xmit(&cn->tx_list, u, NET_T_STATE_DEL);
+ obj = cache_data_get_object(STATE_SYNC(internal), cn);
+ if (alarm_pending(&obj->alarm))
+ tx_list_xmit(&cn->tx_list, obj, NET_T_STATE_DEL);
else
- tx_list_xmit(&cn->tx_list, u, NET_T_STATE_UPD);
+ tx_list_xmit(&cn->tx_list, obj, NET_T_STATE_UPD);
}
/* reset alive alarm */
diff --git a/src/sync-mode.c b/src/sync-mode.c
index ad2e2ff..368984f 100644
--- a/src/sync-mode.c
+++ b/src/sync-mode.c
@@ -22,7 +22,6 @@
#include "log.h"
#include "cache.h"
#include "conntrackd.h"
-#include "us-conntrack.h"
#include "network.h"
#include "fds.h"
#include "event.h"
@@ -38,7 +37,8 @@ static void do_mcast_handler_step(struct nethdr *net, size_t remain)
{
char __ct[nfct_maxsize()];
struct nf_conntrack *ct = (struct nf_conntrack *)(void*) __ct;
- struct us_conntrack *u;
+ struct cache_object *obj;
+ int id;
if (net->version != CONNTRACKD_PROTOCOL_VERSION) {
STATE_SYNC(error).msg_rcv_malformed++;
@@ -75,33 +75,32 @@ static void do_mcast_handler_step(struct nethdr *net, size_t remain)
switch(net->type) {
case NET_T_STATE_NEW:
-retry:
- if ((u = cache_add(STATE_SYNC(external), ct))) {
- debug_ct(u->ct, "external new");
- } else {
- /*
- * One certain connection A arrives to the cache but
- * another existing connection B in the cache has
- * the same configuration, therefore B clashes with A.
- */
- if (errno == EEXIST) {
- cache_del(STATE_SYNC(external), ct);
- goto retry;
+ obj = cache_find(STATE_SYNC(external), ct, &id);
+ if (obj == NULL) {
+retry:
+ obj = cache_object_new(STATE_SYNC(external), ct);
+ if (obj == NULL)
+ return;
+
+ if (cache_add(STATE_SYNC(external), obj, id) == -1) {
+ cache_object_free(obj);
+ return;
}
- debug_ct(ct, "can't add");
+ } else {
+ cache_del(STATE_SYNC(external), obj);
+ cache_object_free(obj);
+ goto retry;
}
break;
case NET_T_STATE_UPD:
- if ((u = cache_update_force(STATE_SYNC(external), ct))) {
- debug_ct(u->ct, "external update");
- } else
- debug_ct(ct, "can't update");
+ cache_update_force(STATE_SYNC(external), ct);
break;
case NET_T_STATE_DEL:
- if (cache_del(STATE_SYNC(external), ct))
- debug_ct(ct, "external destroy");
- else
- debug_ct(ct, "can't destroy");
+ obj = cache_find(STATE_SYNC(external), ct, &id);
+ if (obj) {
+ cache_del(STATE_SYNC(external), obj);
+ cache_object_free(obj);
+ }
break;
default:
STATE_SYNC(error).msg_rcv_malformed++;
@@ -441,14 +440,14 @@ static void dump_sync(struct nf_conntrack *ct)
debug_ct(ct, "resync");
}
-static void mcast_send_sync(struct us_conntrack *u, int query)
+static void mcast_send_sync(struct cache_object *obj, int query)
{
struct nethdr *net;
- net = BUILD_NETMSG(u->ct, query);
+ net = BUILD_NETMSG(obj->ct, query);
if (STATE_SYNC(sync)->send)
- STATE_SYNC(sync)->send(net, u);
+ STATE_SYNC(sync)->send(net, obj);
mcast_buffered_send_netmsg(STATE_SYNC(mcast_client), net);
}
@@ -457,13 +456,13 @@ static int purge_step(void *data1, void *data2)
{
int ret;
struct nfct_handle *h = STATE(dump);
- struct us_conntrack *u = data2;
+ struct cache_object *obj = data2;
- ret = nfct_query(h, NFCT_Q_GET, u->ct);
+ ret = nfct_query(h, NFCT_Q_GET, obj->ct);
if (ret == -1 && errno == ENOENT) {
- debug_ct(u->ct, "overrun purge resync");
- mcast_send_sync(u, NET_T_STATE_DEL);
- __cache_del_timer(STATE_SYNC(internal), u, CONFIG(del_timeout));
+ debug_ct(obj->ct, "overrun purge resync");
+ mcast_send_sync(obj, NET_T_STATE_DEL);
+ cache_del_timer(STATE_SYNC(internal), obj, CONFIG(del_timeout));
}
return 0;
@@ -480,7 +479,7 @@ static int overrun_sync(enum nf_conntrack_msg_type type,
struct nf_conntrack *ct,
void *data)
{
- struct us_conntrack *u;
+ struct cache_object *obj;
if (ct_filter_conntrack(ct, 1))
return NFCT_CB_CONTINUE;
@@ -492,11 +491,9 @@ static int overrun_sync(enum nf_conntrack_msg_type type,
nfct_attr_unset(ct, ATTR_REPL_COUNTER_PACKETS);
nfct_attr_unset(ct, ATTR_USE);
- if (!cache_test(STATE_SYNC(internal), ct)) {
- if ((u = cache_update_force(STATE_SYNC(internal), ct))) {
- debug_ct(u->ct, "overrun resync");
- mcast_send_sync(u, NET_T_STATE_UPD);
- }
+ if ((obj = cache_update_force(STATE_SYNC(internal), ct))) {
+ debug_ct(obj->ct, "overrun resync");
+ mcast_send_sync(obj, NET_T_STATE_UPD);
}
return NFCT_CB_CONTINUE;
@@ -504,50 +501,59 @@ static int overrun_sync(enum nf_conntrack_msg_type type,
static void event_new_sync(struct nf_conntrack *ct)
{
- struct us_conntrack *u;
+ struct cache_object *obj;
+ int id;
/* required by linux kernel <= 2.6.20 */
nfct_attr_unset(ct, ATTR_ORIG_COUNTER_BYTES);
nfct_attr_unset(ct, ATTR_ORIG_COUNTER_PACKETS);
nfct_attr_unset(ct, ATTR_REPL_COUNTER_BYTES);
nfct_attr_unset(ct, ATTR_REPL_COUNTER_PACKETS);
+
+ obj = cache_find(STATE_SYNC(internal), ct, &id);
+ if (obj == NULL) {
retry:
- if ((u = cache_add(STATE_SYNC(internal), ct))) {
- mcast_send_sync(u, NET_T_STATE_NEW);
- debug_ct(u->ct, "internal new");
- } else {
- if (errno == EEXIST) {
- cache_del(STATE_SYNC(internal), ct);
- goto retry;
+ obj = cache_object_new(STATE_SYNC(internal), ct);
+ if (obj == NULL)
+ return;
+ if (cache_add(STATE_SYNC(internal), obj, id) == -1) {
+ cache_object_free(obj);
+ return;
}
+ mcast_send_sync(obj, NET_T_STATE_NEW);
+ debug_ct(obj->ct, "internal new");
+ } else {
+ cache_del(STATE_SYNC(internal), obj);
+ cache_object_free(obj);
debug_ct(ct, "can't add");
+ goto retry;
}
}
static void event_update_sync(struct nf_conntrack *ct)
{
- struct us_conntrack *u;
+ struct cache_object *obj;
- if ((u = cache_update_force(STATE_SYNC(internal), ct)) == NULL) {
+ if ((obj = cache_update_force(STATE_SYNC(internal), ct)) == NULL) {
debug_ct(ct, "can't update");
return;
}
- debug_ct(u->ct, "internal update");
- mcast_send_sync(u, NET_T_STATE_UPD);
+ debug_ct(obj->ct, "internal update");
+ mcast_send_sync(obj, NET_T_STATE_UPD);
}
static int event_destroy_sync(struct nf_conntrack *ct)
{
- struct us_conntrack *u;
+ struct cache_object *obj;
+ int id;
- u = cache_find(STATE_SYNC(internal), ct);
- if (u == NULL) {
+ obj = cache_find(STATE_SYNC(internal), ct, &id);
+ if (obj == NULL) {
debug_ct(ct, "can't destroy");
return 0;
}
-
- mcast_send_sync(u, NET_T_STATE_DEL);
- __cache_del_timer(STATE_SYNC(internal), u, CONFIG(del_timeout));
+ mcast_send_sync(obj, NET_T_STATE_DEL);
+ cache_del_timer(STATE_SYNC(internal), obj, CONFIG(del_timeout));
debug_ct(ct, "internal destroy");
return 1;
}
diff --git a/src/sync-notrack.c b/src/sync-notrack.c
index 700e272..2d3783e 100644
--- a/src/sync-notrack.c
+++ b/src/sync-notrack.c
@@ -18,7 +18,6 @@
#include "conntrackd.h"
#include "sync.h"
-#include "us-conntrack.h"
#include "queue.h"
#include "debug.h"
#include "network.h"
@@ -36,13 +35,13 @@ struct cache_notrack {
struct list_head tx_list;
};
-static void cache_notrack_add(struct us_conntrack *u, void *data)
+static void cache_notrack_add(struct cache_object *obj, void *data)
{
struct cache_notrack *cn = data;
INIT_LIST_HEAD(&cn->tx_list);
}
-static void cache_notrack_del(struct us_conntrack *u, void *data)
+static void cache_notrack_del(struct cache_object *obj, void *data)
{
struct cache_notrack *cn = data;
@@ -89,8 +88,8 @@ static void notrack_kill(void)
static int do_cache_to_tx(void *data1, void *data2)
{
- struct us_conntrack *u = data2;
- struct cache_notrack *cn = cache_get_extra(STATE_SYNC(internal), u);
+ struct cache_object *obj = data2;
+ struct cache_notrack *cn = cache_get_extra(STATE_SYNC(internal), obj);
if (!list_empty(&cn->tx_list))
return 0;
@@ -164,10 +163,10 @@ static int tx_queue_xmit(void *data1, const void *data2)
return 0;
}
-static int tx_list_xmit(struct list_head *i, struct us_conntrack *u, int type)
+static int tx_list_xmit(struct list_head *i, struct cache_object *obj, int type)
{
int ret;
- struct nethdr *net = BUILD_NETMSG(u->ct, type);
+ struct nethdr *net = BUILD_NETMSG(obj->ct, type);
list_del_init(i);
tx_list_len--;
@@ -186,10 +185,10 @@ static void notrack_run(void)
/* send conntracks in the tx_list */
list_for_each_entry_safe(cn, tmp, &tx_list, tx_list) {
- struct us_conntrack *u;
+ struct cache_object *obj;
- u = cache_get_conntrack(STATE_SYNC(internal), cn);
- tx_list_xmit(&cn->tx_list, u, NET_T_STATE_UPD);
+ obj = cache_data_get_object(STATE_SYNC(internal), cn);
+ tx_list_xmit(&cn->tx_list, obj, NET_T_STATE_UPD);
}
}