| Age | Commit message (Collapse) | Author |
|---|
|
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
This patch constifies the first parameter, which is a conntrack
object, in all nl_*_conntrack() functions.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
This patch changes the behaviour of nl_create_conntrack() and
nl_update_conntrack() which now clone the conntrack object
received as parameter. This was not required as these functions
were called inside fork(), thus, they modified a copy of the
real conntrack objects in the child process.
However, this behaviour is broken following the try-again
logic in __do_commit_step. For example, if we try to update
an expected conntrack object that has vanished for whatever
reason, since nl_update_conntrack() modifies the object (unset
the master conntrack information), nl_create_conntrak() will
create an entry without the master conntrack information.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
This patch is a cleanup. It moves the callbacks from netlink.c to
run.c where they are actually invoked. This is better for code
readability as I usually have to switch from run.c to netlink.c
to remember what the callbacks actually do.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
This patch avoids a double filtering in user-space and kernel-space if
the kernel support BSF. Since we do not use BSF for dumps and resyncs,
we add a new parameter to ignore_conntrack to indicate if we have to
perform the filtering in user-space or not.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
Commit master entries before related ones to avoid ENOENT errors.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
This patch adds nl_get_conntrack and it changes the behaviour of
nl_exist_conntrack. Now, nl_get_conntrack requests the kernel for
a conntrack and updates the cached entry. On the other hand,
nl_exist_conntrack only inquiries for the existence of the
entry.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
