| -rw-r--r-- | include/netlink.h | 4 | ||||
| -rw-r--r-- | src/cache_iterators.c | 12 | ||||
| -rw-r--r-- | src/cache_wt.c | 6 | ||||
| -rw-r--r-- | src/netlink.c | 14 | 
4 files changed, 19 insertions, 17 deletions
|
diff --git a/include/netlink.h b/include/netlink.h
index d8a4fef..9d67165 100644
--- a/include/netlink.h
+++ b/include/netlink.h
@@ -17,8 +17,8 @@ void nl_resize_socket_buffer(struct nfct_handle *h);
 int nl_dump_conntrack_table(struct nfct_handle *h);
 int nl_flush_conntrack_table(struct nfct_handle *h);
 int nl_get_conntrack(struct nfct_handle *h, const struct nf_conntrack *ct);
-int nl_create_conntrack(struct nfct_handle *h, const struct nf_conntrack *ct);
-int nl_update_conntrack(struct nfct_handle *h, const struct nf_conntrack *ct);
+int nl_create_conntrack(struct nfct_handle *h, const struct nf_conntrack *ct, int timeout);
+int nl_update_conntrack(struct nfct_handle *h, const struct nf_conntrack *ct, int timeout);
 int nl_destroy_conntrack(struct nfct_handle *h, const struct nf_conntrack *ct);
 static inline int ct_is_related(const struct nf_conntrack *ct)
diff --git a/src/cache_iterators.c b/src/cache_iterators.c
index 379deed..9b54ea1 100644
--- a/src/cache_iterators.c
+++ b/src/cache_iterators.c
@@ -105,14 +105,8 @@ __do_commit_step(struct __commit_container *tmp, struct cache_object *obj)
 	int ret, retry = 1;
 	struct nf_conntrack *ct = obj->ct;
-        /* 
-	 * Set a reduced timeout for candidate-to-be-committed
-	 * conntracks that live in the external cache
-	 */
-	nfct_set_attr_u32(ct, ATTR_TIMEOUT, CONFIG(commit_timeout));
-
 retry:
-	if (nl_create_conntrack(tmp->h, ct) == -1) {
+	if (nl_create_conntrack(tmp->h, ct, CONFIG(commit_timeout)) == -1) {
 		if (errno == EEXIST && retry == 1) {
 			ret = nl_destroy_conntrack(tmp->h, ct);
 			if (ret == 0 || (ret == -1 && errno == ENOENT)) {
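Review bot: The two changed prototypes gain an `int timeout` argument with nothing in the header saying what unit it is in or what a zero value means, and the header is where callers will look. Going by the netlink.c hunks of this commit, a value greater than zero is written to `ATTR_TIMEOUT` and anything else leaves the timeout already carried by `ct` alone. A comment above the pair would record that, for example `/* timeout > 0 overrides ATTR_TIMEOUT for this request; 0 keeps the value already set in ct */`.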
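Review bot: The explanation of why the commit path uses a reduced timeout is deleted together with the `nfct_set_attr_u32` call, so the call in `__do_commit_step` no longer says why `CONFIG(commit_timeout)` is passed. A one-line comment above the `retry:` label would keep it, e.g. `/* reduced timeout for candidate-to-be-committed conntracks from the external cache */`. The attribute is now set inside `nl_create_conntrack` on its local `ct` rather than on the `const` argument, so `obj->ct` keeps its previous timeout after the call; it is worth confirming that nothing later in the function relied on the old in-place change. The function body continues outside the hunk.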
@@ -223,9 +217,7 @@ static int do_reset_timers(void *data1, struct hashtable_node *n)
 		if (current_timeout < CONFIG(purge_timeout))
 			break;
-		nfct_set_attr_u32(tmp, ATTR_TIMEOUT, CONFIG(purge_timeout));
-
-		if (nl_update_conntrack(h, tmp) == -1) {
+		if (nl_update_conntrack(h, tmp, CONFIG(purge_timeout)) == -1) {
 			if (errno == ETIME || errno == ENOENT)
 				break;
 			dlog(LOG_ERR, "reset-timers-upd: %s", strerror(errno));
diff --git a/src/cache_wt.c b/src/cache_wt.c
index 4b67e8e..6f9ccc7 100644
--- a/src/cache_wt.c
+++ b/src/cache_wt.c
@@ -38,14 +38,14 @@ static void add_wt(struct cache_object *obj)
 		break;
 	case 0:
 		memcpy(ct, obj->ct, nfct_maxsize());
-		if (nl_create_conntrack(STATE(dump), ct) == -1) {
+		if (nl_create_conntrack(STATE(dump), ct, 0) == -1) {
 			dlog(LOG_ERR, "cache_wt create: %s", strerror(errno));
 			dlog_ct(STATE(log), obj->ct, NFCT_O_PLAIN);
 		}
 		break;
 	case 1:
 		memcpy(ct, obj->ct, nfct_maxsize());
-		if (nl_update_conntrack(STATE(dump), ct) == -1) {
+		if (nl_update_conntrack(STATE(dump), ct, 0) == -1) {
 			dlog(LOG_ERR, "cache_wt crt-upd: %s", strerror(errno));
 			dlog_ct(STATE(log), obj->ct, NFCT_O_PLAIN);
 		}
@@ -60,7 +60,7 @@ static void upd_wt(struct cache_object *obj)
 	memcpy(ct, obj->ct, nfct_maxsize());
-	if (nl_update_conntrack(STATE(dump), ct) == -1) {
+	if (nl_update_conntrack(STATE(dump), ct, 0) == -1) {
 		dlog(LOG_ERR, "cache_wt update:%s", strerror(errno));
 		dlog_ct(STATE(log), obj->ct, NFCT_O_PLAIN);
 	}
diff --git a/src/netlink.c b/src/netlink.c
index e538aa0..24d61a0 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -197,7 +197,9 @@ int nl_get_conntrack(struct nfct_handle *h, const struct nf_conntrack *ct)
 	return 1;
 }
-int nl_create_conntrack(struct nfct_handle *h, const struct nf_conntrack *orig)
+int nl_create_conntrack(struct nfct_handle *h, 
+			const struct nf_conntrack *orig,
+			int timeout)
 {
 	int ret;
 	struct nf_conntrack *ct;
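Review bot: The three write-through call sites (`add_wt` cases 0 and 1 in this hunk, and `upd_wt` in the next one) pass a bare `0`, which reads as "timeout of zero" although the netlink.c side of this commit treats it as "do not touch the timeout". A short comment at the first call, such as `/* 0: keep the timeout carried by ct */`, would make the intent visible to the next reader. A named constant declared next to the prototypes in include/netlink.h would serve the same purpose for all three calls. Both functions start outside their hunks.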
@@ -206,6 +208,9 @@ int nl_create_conntrack(struct nfct_handle *h, const struct nf_conntrack *orig)
 	if (ct == NULL)
 		return -1;
+	if (timeout > 0)
+		nfct_set_attr_u32(ct, ATTR_TIMEOUT, timeout);
+
 	/* we hit error if we try to change the expected bit */
 	if (nfct_attr_is_set(ct, ATTR_STATUS)) {
 		uint32_t status = nfct_get_attr_u32(ct, ATTR_STATUS);
@@ -233,7 +238,9 @@ int nl_create_conntrack(struct nfct_handle *h, const struct nf_conntrack *orig)
 	return ret;
 }
-int nl_update_conntrack(struct nfct_handle *h, const struct nf_conntrack *orig)
+int nl_update_conntrack(struct nfct_handle *h,
+			const struct nf_conntrack *orig,
+			int timeout)
 {
 	int ret;
 	struct nf_conntrack *ct;
@@ -242,6 +249,9 @@ int nl_update_conntrack(struct nfct_handle *h, const struct nf_conntrack *orig)
 	if (ct == NULL)
 		return -1;
+	if (timeout > 0)
+		nfct_set_attr_u32(ct, ATTR_TIMEOUT, timeout);
+
 	/* unset NAT info, otherwise we hit error */
 	nfct_attr_unset(ct, ATTR_SNAT_IPV4);
 	nfct_attr_unset(ct, ATTR_DNAT_IPV4);
|
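Review bot: The `if (timeout > 0)` guard added in `nl_create_conntrack` (and repeated in `nl_update_conntrack` in the last hunk) makes zero and negative values mean "leave the timeout alone", which changes what the two configured callers do at the edges. Before this commit `__do_commit_step` and `do_reset_timers` always wrote `CONFIG(commit_timeout)` and `CONFIG(purge_timeout)` into `ATTR_TIMEOUT`; now a setting of 0, or a large value that turns negative when converted to `int` (the config field types are not visible here), is silently skipped and the entry keeps whatever timeout the object already carried. Since the attribute is set through `nfct_set_attr_u32`, declaring the parameter as `uint32_t timeout` and testing `if (timeout != 0)` would remove the sign problem, and the zero case is worth rejecting or documenting where the configuration is parsed. Both function bodies extend beyond their hunks.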
