-rw-r--r-- | include/cache.h | 2 | ||||
-rw-r--r-- | src/cache.c | 14 | ||||
-rw-r--r-- | src/cache_iterators.c | 13 | ||||
-rw-r--r-- | src/cache_lifetime.c | 8 |
4 files changed, 28 insertions, 9 deletions
diff --git a/include/cache.h b/include/cache.h index e2e2e34..ba8d3aa 100644 --- a/include/cache.h +++ b/include/cache.h @@ -50,6 +50,8 @@ struct cache { unsigned int extra_offset; /* statistics */ + unsigned int active; + unsigned int add_ok; unsigned int del_ok; unsigned int upd_ok; diff --git a/src/cache.c b/src/cache.c index 7cd5ac7..820a385 100644 --- a/src/cache.c +++ b/src/cache.c @@ -208,6 +208,7 @@ static struct us_conntrack *__add(struct cache *c, struct nf_conntrack *ct) if (c->extra && c->extra->add) c->extra->add(u, ((char *) u) + c->extra_offset); + c->active++; return u; } free(newct); @@ -323,6 +324,15 @@ static void __del2(struct cache *c, struct us_conntrack *u) static void __cache_del(struct cache *c, struct us_conntrack *u) { + /* + * Do not increase stats if we are trying to + * kill an entry was previously deleted via + * __cache_del_timer. + */ + if (!alarm_pending(&u->alarm)) { + c->del_ok++; + c->active--; + } del_alarm(&u->alarm); __del2(c, u); } @@ -338,7 +348,6 @@ int cache_del(struct cache *c, struct nf_conntrack *ct) u = (struct us_conntrack *) hashtable_test(c->h, u); if (u) { __cache_del(c, u); - c->del_ok++; return 1; } c->del_fail++; @@ -369,6 +378,7 @@ __cache_del_timer(struct cache *c, struct us_conntrack *u, int timeout) * properly. */ c->del_ok++; + c->active--; return 1; } return 0; @@ -406,7 +416,7 @@ void cache_stats(const struct cache *c, int fd) "connections updated:\t\t%12u\tfailed:\t%12u\n" "connections destroyed:\t\t%12u\tfailed:\t%12u\n\n", c->name, - hashtable_counter(c->h), + c->active, c->add_ok, c->add_fail, c->upd_ok, diff --git a/src/cache_iterators.c b/src/cache_iterators.c index e9ddbc0..407db0b 100644 --- a/src/cache_iterators.c +++ b/src/cache_iterators.c 
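Review bot: In `__cache_del` the `!alarm_pending(&u->alarm)` test is used as a stand-in for "this entry has not already been counted by `__cache_del_timer`", and nothing in the code states that invariant. `active` is an `unsigned int`, so any path that decrements it twice for one entry wraps it to a huge value that `cache_stats` then prints as the current count. I would document the rule where the field is declared, e.g. `unsigned int active; /* entries not yet deleted or scheduled for deletion; decremented exactly once per entry */`, and confirm that the alarm callback (not visible here) cannot reach `__cache_del` once the alarm is no longer pending. The matching `c->active--` hunk in `__cache_del_timer` relies on the same rule; that function starts outside its hunk.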
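Review bot: With `hashtable_counter(c->h)` replaced by `c->active` in the `cache_stats` argument list, the number of entries actually held in the hashtable is no longer reported anywhere in this output. Entries waiting on a delete timer still occupy the table, so someone investigating memory growth or a full table sees a count lower than what is stored. Consider keeping both figures by adding one line to the format string and passing `hashtable_counter(c->h)` for it alongside `c->active`. The format string and the rest of `cache_stats` lie outside the hunk.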
@@ -42,6 +42,19 @@ static int do_dump(void *data1, void *data2) char *data = u->data; unsigned i; + /* + * XXX: Do not dump the entries that are scheduled to expire. + * These entries talk about already destroyed connections + * that we keep for some time just in case that we have to + * resent some lost messages. We do not show them to the + * user as he may think that the firewall replicas are not + * in sync. The branch below is a hack as it is quite + * specific and it breaks conntrackd modularity. Probably + * there's a nicer way to do this but until I come up with it... + */ + if (CONFIG(flags) & CTD_SYNC_FTFW && alarm_pending(&u->alarm)) + return 0; + memset(buf, 0, sizeof(buf)); size = nfct_snprintf(buf, sizeof(buf), diff --git a/src/cache_lifetime.c b/src/cache_lifetime.c index cf84d20..ad3416a 100644 --- a/src/cache_lifetime.c +++ b/src/cache_lifetime.c @@ -53,13 +53,7 @@ static int lifetime_dump(struct us_conntrack *u, gettimeofday(&tv, NULL); - if (alarm_pending(&u->alarm)) - return sprintf(buf, " [active since %lds] [expires in %lds]", - tv.tv_sec - *lifetime, - u->alarm.tv.tv_sec - tv.tv_sec); - else - return sprintf(buf, " [active since %lds]", - tv.tv_sec - *lifetime); + return sprintf(buf, " [active since %lds]", tv.tv_sec - *lifetime); } struct cache_feature lifetime_feature = { |
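Review bot: The new condition in `do_dump` mixes `&` and `&&` without parentheses; it evaluates as intended, but `if ((CONFIG(flags) & CTD_SYNC_FTFW) && alarm_pending(&u->alarm))` makes the grouping explicit and avoids a misread during later edits. In the comment above it, "resent some lost messages" should read "resend some lost messages". Returning 0 here presumably lets the iteration continue with the next entry, which is worth stating in the comment since the caller is not visible in this hunk. `do_dump` continues past the end of the hunk.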
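Review bot: The rewritten `sprintf` in `lifetime_dump` passes `tv.tv_sec - *lifetime` to `%ld`, which is only correct where that difference has type `long`; `time_t` is not guaranteed to be `long`, and the type of `*lifetime` is not visible in the hunk. An explicit cast keeps the call well-defined: `return sprintf(buf, " [active since %lds]", (long)(tv.tv_sec - *lifetime));`. The call is also unbounded, and the size of `buf` cannot be checked here because the signature is cut off by the hunk, so it is worth confirming that callers always leave room for this suffix.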