| Age | Commit message (Collapse) | Author |
|---|
|
This patch adds strict attribute size checking. This is good to
detect corrupted or malformed messages.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
This patch simplifies the message format of the replication
messages. As a result, we save four bytes. The netpld header
was introduced in the early protocol design. Today, it does
not have any reason to exist.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
This patch fixes NTA_MASTER_L4PROTO parsing which was missing. This
problem was introduced in "network: rework TLV-based protocol", commit
id 76ac8ebe5e49385585c8e29fe530ed4baef390bf, ie. somewhere in the
development of 0.9.9. This patch also fixes the size of parsing
callback array that is NTA_MAX, not ATTR_MAX. This problem does not
affect conntrack-tools <= 0.9.8.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
This patch reworks the TLV-based protocol to reduce the overhead
in the message building. The idea is to group some attributes
that must be present in a consistent configuration. Putting them
together help us to save some cycles in the message building.
Now, oprofile reports ~15% of samples in the build path instead
of ~25%. CPU consumption for 3000 HTTP GET requests per second
(1000 concurrent with apache benchmark tool) is ~45% in my
testbed, that is ~19% more consumption than with no replication
at all.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
only which is incompatible AFAIK
|
|
has been Max Kellermann and has no issues with relicensing their contributions.
|
|
o add support for NAT sequence adjustment (requires Linux kernel >= 2.6.25)
o remove TODO file from release tarballs
|
|
import only required C headers and put local headers on top to check
|
|
use C99 integers (uint32_t instead of u_int32_t)
|
|
set the return type of the parse functions to "void"
|
|
o update leftover references to `persistent' and `nack' modes
|
|
o fix missing `-g' and `-n' options in getopt_long control string
o add support for secmark (requires Linux kernel >= 2.6.25)
o add mark and secmark information to the manpage
o cleanup error message
= conntrackd =
o add support for secmark (requires Linux kernel >= 2.6.25)
o add conntrackd (8) manpage
|
|
- add len field to nethdr
- implement buffered send/recv to batch messages
- stop using netlink format for network messages: use similar TLV-based format
- reduce synchronization messages size up to 60%
- introduce periodic alive messages for sync-nack protocol
- timeslice alarm implementation: remove alarm pthread, remove locking
- simplify debugging functions: use nfct_snprintf instead
- remove major use of libnfnetlink functions: use libnetfilter_conntrack API
- deprecate conntrackd -F, use conntrack -F instead
- major rework of the network infrastructure: much simple, less messy
|
