Age | Commit message | Author |
|
We now include one pointer to the object in the extra section.
This is required to generalize this code for the expectation
support. We consume 4-8 bytes extra, but we will not need more
changes to support expectations which is a good idea.
|
|
This patch simplifies cache_get_extra which now takes only one
parameter that is the cache_object. With it, the extra area can be
calculated.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
This patch generalizes the network message building and parsing
to prepare the upcoming expectation support.
Basically, it renames:
- NET_T_STATE_* by NET_T_STATE_CT_*, as I plan to add NET_T_STATE_EXP_*
- BUILD_NETMSG by BUILD_NETMSG_FROM_CT, and build_payload by ct2msg.
I plan to add exp2msg.
- parse_payload by msg2ct, since I plan to add msg2exp.
- modify object_status_to_network_type to prepare the support of
expectations.
- add prefix ct_ to all parsing functions in parse.c, as we will have
similar functions to convert messages to expectation objects.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
This patch generalizes the caching infrastructure to store different
object types. This patch is the first in the series to prepare
support for the synchronization of expectations.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
Most callers of queue_add() assume that it returns != 0 in case of
success. However, it may return -1 in case that the queue gets full.
In that case, most callers have to:
- release the object that they want to enqueue.
- decrement the refcount, in case they have bumped it.
However, most of these callers are using the tx_queue which currently
has no limit in size at all. This fix is necessary in case that I
decide to limit the size of the transmission queue in the future
(which makes a lot of sense indeed).
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
This patch adds the clause `DisableInternalCache' that allows you
to bypass the internal cache. This clause can only be used with
the notrack synchronization mode.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
This patch is a cleanup. It renames the mcast_track_*() functions
by nethdr_track_*() because these functions are related to message
sequence tracking. They are not tied to multicast at all.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
This patch reworks conntrackd to make it independent of the protocol
used to propagate state-changes. This patch adds the channel layer
abstraction, this layer allows you to add support for different
protocols like unicast UDP or TIPC.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
This patch removes debug() and debug_ct(), I haven't used the
debugging information that these functions provide in years.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
The lifetime feature is used by all working modes, it is useful to
know how long an entry has been living in the cache. This patch
moves the lifetime feature to the main caching code.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
With this patch, all the state updates are enqueued in the
tx_queue. Thus, there's a single output path. This patch adds a
simple refcounting mechanism to note when an object is sitting in
the txqueue. This patch also removes the alarm that is required by
the ftfw approach.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
Currently, the caching system is implemented in a two layer
architecture: hashtable (inner layer) and cache (upper layer).
This patch reworks the hash-cache infrastructure to solve some
initial design problems to make it more flexible, the main strong
points of this patch are:
* Memory handling is done in the cache layer, not in the inner
hashtable layer. This removes one of the main dependencies between
the hashtable and the cache classes.
* Remove excessive encapsulation: the former cache used to hide a
lot of details of the inner hashtable implementation.
* Fix over-hashing of some operations: lookup-delete-add required
three hash calculations. Similarly, the update-or-add operation
required two hash calculations. Now, we calculate the hash once
and re-use the value as many times as we need.
This patch simplifies the caching system. As a result, we save ~130
lines of code. Small code and less complexity mean less
chance to have bugs.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
This patch replaces the use of NFCT_Q_* in the message type by
specific network message type NET_T_*. The query types are reserved
for libnetfilter_conntrack operations.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
This patch simplifies the message format of the replication
messages. As a result, we save four bytes. The netpld header
was introduced in the early protocol design. Today, it does
not have any reason to exist.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
This patch simplifies mcast_buffered_send_netmsg() by removing the
length parameter. Instead, we use the length field in the nethdr
to know the message size to be sent.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
only which is incompatible AFAIK
|
|
has been Max Kellermann and has no issues with relicensing their contributions.
|
|
|
|
use size_t
|
|
|
|
remove init_alarm() before add_alarm()
|
|
merge mod_alarm() into add_alarm(), remove alarm_set_expiration()
|
|
|
|
import only required C headers and put local headers on top to check
|
|
Fix tons of gcc warnings
|
|
set the return type of the parse functions to "void"
|
|
the global variable "alarm" conflicts with the alarm() function from
unistd.h. resolve that conflict by giving those two global variables
a better name.
|
|
|
|
(Based on comments from Max Kellermann)
|
|
o rename `persistent' mode to `alarm'
o rename `nack' mode to `ftfw'
o Now default synchronization mode is ftfw instead of alarm
|