-rw-r--r-- | src/run.c | 41 | ||||
-rw-r--r-- | src/sync-mode.c | 26 |
2 files changed, 34 insertions, 33 deletions
@@ -40,10 +40,10 @@ void killer(int foo) /* no signals while handling signals */ sigprocmask(SIG_BLOCK, &STATE(block), NULL); - if (!(CONFIG(flags) & CTD_POLL)) { + if (!(CONFIG(flags) & CTD_POLL)) nfct_close(STATE(event)); - nfct_close(STATE(resync)); - } + + nfct_close(STATE(resync)); nfct_close(STATE(get)); nfct_close(STATE(request)); @@ -220,7 +220,7 @@ static void do_polling_alarm(struct alarm_block *a, void *data) if (STATE(mode)->purge) STATE(mode)->purge(); - nl_send_resync(STATE(dump)); + nl_send_resync(STATE(resync)); add_alarm(&STATE(polling_alarm), CONFIG(poll_kernel_secs), 0); } @@ -333,21 +333,22 @@ init(void) nfct_callback_register(STATE(event), NFCT_T_ALL, event_handler, NULL); register_fd(nfct_fd(STATE(event)), STATE(fds)); + } - STATE(resync) = nfct_open(CONNTRACK, 0); - if (STATE(resync)== NULL) { - dlog(LOG_ERR, "can't open netlink handler: %s", - strerror(errno)); - dlog(LOG_ERR, "no ctnetlink kernel support?"); - return -1; - } - nfct_callback_register(STATE(resync), - NFCT_T_ALL, - STATE(mode)->resync, - NULL); - register_fd(nfct_fd(STATE(resync)), STATE(fds)); - fcntl(nfct_fd(STATE(resync)), F_SETFL, O_NONBLOCK); + /* resynchronize (like 'dump' socket) but it also purges old entries */ + STATE(resync) = nfct_open(CONNTRACK, 0); + if (STATE(resync)== NULL) { + dlog(LOG_ERR, "can't open netlink handler: %s", + strerror(errno)); + dlog(LOG_ERR, "no ctnetlink kernel support?"); + return -1; } + nfct_callback_register(STATE(resync), + NFCT_T_ALL, + STATE(mode)->resync, + NULL); + register_fd(nfct_fd(STATE(resync)), STATE(fds)); + fcntl(nfct_fd(STATE(resync)), F_SETFL, O_NONBLOCK); STATE(dump) = nfct_open(CONNTRACK, 0); if (STATE(dump) == NULL) { @@ -357,8 +358,6 @@ init(void) return -1; } nfct_callback_register(STATE(dump), NFCT_T_ALL, dump_handler, NULL); - if (CONFIG(flags) & CTD_POLL) - register_fd(nfct_fd(STATE(dump)), STATE(fds)); if (nl_dump_conntrack_table(STATE(dump)) == -1) { dlog(LOG_ERR, "can't get kernel conntrack table"); 
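Review bot: The now-unbraced `if (!(CONFIG(flags) & CTD_POLL))` in killer() guards only `nfct_close(STATE(event))`, and nothing at that spot says why resync is closed unconditionally while event is not. A one-line comment above the `if`, such as `/* event socket is only open in event-driven mode; resync is open in both */`, would keep a later edit from folding the two closes back together. This assumes init() opens the event handle under the same CTD_POLL test, which is not visible in these hunks. killer() starts and ends outside the hunk.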
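Review bot: The result of `nl_send_resync(STATE(resync))` in do_polling_alarm() is discarded, so a poll cycle whose request never reaches the kernel passes silently and the cache stays stale until the next alarm. If the helper reports failure through its return value (its prototype is not on this page), log it: `if (nl_send_resync(STATE(resync)) == -1) dlog(LOG_ERR, "poll: can't request resync: %s", strerror(errno));`. The function starts outside the hunk.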
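Review bot: The `fcntl(nfct_fd(STATE(resync)), F_SETFL, O_NONBLOCK)` call that ends the relocated resync block in init() ignores its return value and overwrites the descriptor's status flags instead of OR-ing O_NONBLOCK into them. This commit makes the resync socket the one read by nfct_catch() in polling mode too, so a failed call would leave a blocking socket in the main loop and could stall the daemon. I would read the flags first and fail init() the same way the nfct_open() check above does, as sketched below. init() starts and ends outside the hunk.

```c
/* … unchanged: nfct_open, callback registration, register_fd … */
int fl = fcntl(nfct_fd(STATE(resync)), F_GETFL);
if (fl == -1 ||
    fcntl(nfct_fd(STATE(resync)), F_SETFL, fl | O_NONBLOCK) == -1) {
	dlog(LOG_ERR, "can't set O_NONBLOCK on resync socket: %s",
	     strerror(errno));
	return -1;
}
```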
@@ -501,8 +500,8 @@ static void __run(struct timeval *next_alarm) } } else { /* using polling mode */ - if (FD_ISSET(nfct_fd(STATE(dump)), &readfds)) { - nfct_catch(STATE(dump)); + if (FD_ISSET(nfct_fd(STATE(resync)), &readfds)) { + nfct_catch(STATE(resync)); } } diff --git a/src/sync-mode.c b/src/sync-mode.c index 63948f1..74eb36e 100644 --- a/src/sync-mode.c +++ b/src/sync-mode.c @@ -507,8 +507,6 @@ static void mcast_send_sync(struct cache_object *obj, int query) static void dump_sync(struct nf_conntrack *ct) { - struct cache_object *obj; - /* This is required by kernels < 2.6.20 */ nfct_attr_unset(ct, ATTR_ORIG_COUNTER_BYTES); nfct_attr_unset(ct, ATTR_ORIG_COUNTER_PACKETS); @@ -516,13 +514,8 @@ static void dump_sync(struct nf_conntrack *ct) nfct_attr_unset(ct, ATTR_REPL_COUNTER_PACKETS); nfct_attr_unset(ct, ATTR_USE); - obj = cache_update_force(STATE_SYNC(internal), ct); - if ((CONFIG(flags) & CTD_POLL)) { - if (obj != NULL && obj->status == C_OBJ_NEW) { - debug_ct(ct, "poll"); - mcast_send_sync(obj, NET_T_STATE_NEW); - } - } + if (cache_update_force(STATE_SYNC(internal), ct)) + debug_ct(ct, "dump"); } static int purge_step(void *data1, void *data2) @@ -566,11 +559,20 @@ static int resync_sync(enum nf_conntrack_msg_type type, nfct_attr_unset(ct, ATTR_REPL_COUNTER_PACKETS); nfct_attr_unset(ct, ATTR_USE); - if ((obj = cache_update_force(STATE_SYNC(internal), ct))) { - debug_ct(obj->ct, "resync"); + obj = cache_update_force(STATE_SYNC(internal), ct); + if (obj == NULL) + return NFCT_CB_CONTINUE; + + switch (obj->status) { + case C_OBJ_NEW: + debug_ct(ct, "resync"); + mcast_send_sync(obj, NET_T_STATE_NEW); + break; + case C_OBJ_ALIVE: + debug_ct(ct, "resync"); mcast_send_sync(obj, NET_T_STATE_UPD); + break; } - return NFCT_CB_CONTINUE; } |
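Review bot: In the polling branch of __run(), `nfct_catch(STATE(resync))` is called without checking its result, so a receive error on the resync socket (a netlink buffer overrun reported as ENOBUFS, for example) can leave the cache and the peers with a partial table and no trace in the log. I would log anything other than an empty non-blocking read, e.g. `if (nfct_catch(STATE(resync)) == -1 && errno != EAGAIN) dlog(LOG_ERR, "poll: resync receive failed: %s", strerror(errno));`. How the event-mode branch above handles the same call is outside the hunk, and matching it would be preferable.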
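Review bot: dump_sync() no longer sends anything to peers after this change, and the function carries no comment saying that this is intended. A short header comment such as `/* fill the internal cache from the kernel dump; peers are notified from resync_sync() */` would record the split between the two handlers. The opening lines of the function sit in the preceding hunk.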
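Review bot: The new `switch (obj->status)` in resync_sync() has no `default`, so any status other than C_OBJ_NEW and C_OBJ_ALIVE is dropped without a message to peers and without a log line. If that is intended, say so explicitly with `default: break; /* other states are not announced */`. The two cases differ only in the message type, so choosing the type in the switch and calling debug_ct() and mcast_send_sync() once after it would remove the duplication. The function starts outside the hunk.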