summaryrefslogtreecommitdiff
path: root/src/sync-ftfw.c
AgeCommit message (Collapse)Author
2012-01-10conntrackd: generalize/cleanup network message building/parsingPablo Neira Ayuso
This patch generalizes the network message building and parsing to prepare the upcoming expectation support. Basically, it renames: - NET_T_STATE_* by NET_T_STATE_CT_*, as I plan to add NET_T_STATE_EXP_* - BUILD_NETMSG by BUILD_NETMSG_FROM_CT, and build_payload by ct2msg. I plan to add exp2msg. - parse_payload by msg2ct, since I plan to add msg2exp. - modify object_status_to_network_type to prepare the support of expectations. - add prefix ct_ to all parsing functions in parse.c, as we will have similar functions to convert messages to expectation objects. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2012-01-10conntrackd: generalize caching infrastructurePablo Neira Ayuso
This patch generalizes the caching infrastructure to store different object types. This patch is the first in the series to prepare support for the synchronization of expectations. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2012-01-04conntrackd: fix checking of return value of queue_add()Pablo Neira Ayuso
Most callers of queue_add() assume that it returns != 0 in case of success. However, it may return -1 in case that the queue gets full. In that case, most callers have to: - release the object that they want to enqueue. - decrement the refcount, in case they have bumped it. However, most of these callers are using the tx_queue which currently has no limit in size at all. This fix is necessary in case that I decide to limit the size of the transmission queue in the future (which makes a lot of sense indeed). Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2009-10-21conntrackd: add `DisableInternalCache' clausePablo Neira Ayuso
This patch adds the clause `DisableInternalCache' that allows you to bypass the internal cache. This clause can only be used with the notrack synchronization mode. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2009-07-17local: add LOCAL_RET_* return values for UNIX sockets callbacksPablo Neira Ayuso
This patch adds the LOCAL_RET_* return values. The return value LOCAL_RET_STOLEN which allows to leave a client socket open while waiting for an operation to finish. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2009-06-20conntrackd: add the name field to queuesPablo Neira Ayuso
This patch adds the name field to identify the queue by means of a string. This patch is used by the next one that introduces per-queue statistics. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2009-06-20conntrackd: rename `-s queue' option by `-s rsqueue'Pablo Neira Ayuso
This patch renames the statistics option that displays the content of the resend queue which is used by the ftfw mode. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2009-03-12sync-mode: rename mcast_track_*() by nethdr_track_*()Pablo Neira Ayuso
This patch is a cleanup. It renames the mcast_track_*() functions by nethdr_track_*() because this functions are related to message sequence tracking. They are not stick to multicast at all. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2009-03-12sync-mode: add abstract layer to make daemon independent of multicastPablo Neira Ayuso
This patch reworks conntrackd to make it independent of the protocol used to propagate state-changes. This patch adds the channel layer abstraction, this layer allows you to add support for different protocols like unicast UDP or TIPC. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2009-02-20src: remove obsolete debug() and debug_ct() callsPablo Neira Ayuso
This patch removes debug() and debug_ct(), I haven't use the debugging information that these functions provide in years. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2009-01-25cache: move lifetime feature to main cache codePablo Neira Ayuso
The lifetime feature is used by all working modes, it is useful to know how long it has been an entry living in the cache. This patch moves the lifetime feature to the main caching code. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2009-01-17src: add `-s queue' and change `-v' behaviourPablo Neira Ayuso
This patch moves the existing `-v' behaviour to `-s queue' where it really belongs. The `-v' option is now left to display the version which is the common use of it. # conntrackd -v Connection tracking userspace daemon v0.9.9. Licensed under GPLv2. (C) 2006-2009 Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2009-01-17ftfw: add ResendQueueSize and deprecate ResendBufferSize clausesPablo Neira Ayuso
This patch adds ResendQueueSize, which sets the number of objects that can be stored in the resend queue waiting to be confirmed. The ResendBufferSize clause has been deprecated. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2009-01-17network: do not re-set the message type in nethdr_set* functionsPablo Neira Ayuso
The network headers already contain the message type set. It is not necessary to set it up again. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2009-01-17sync: enqueue state updates to tx_queuePablo Neira Ayuso
With this patch, all the states updates are enqueued in the tx_queue. Thus, there's a single output path. This patch adds a simple refcounting mechanism to note when an object is sitting in the txqueue. This patch also removes the alarm that is required by the ftfw approach. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2009-01-17sync: add generic tx_queue for all synchronization modesPablo Neira Ayuso
This patch adds a generic tx queue for all synchronization modes. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2009-01-17ftfw: move helloing to ftfw_xmit()Pablo Neira Ayuso
This patch moves the helloing logic into ftfw_xmit. Still, the helloing is kept in ftfw_send as we still have two possible paths for messages. This will be removed in the next patches to make all message go over a single txqueue. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2009-01-15sync: unify tx_list and tx_queue into one single tx_queuePablo Neira Ayuso
This patch unifies the tx_list and the tx_queue to have only one transmission queue. Since the tx_list hold state objects and tx_queue control messages, I have introduced a queue node type that can be used to differenciate the kind of information that the node stores: object or control message. This patch also reworks the existing queue class to include a file descriptor that can be used to know if there are new data added to the queue (see QUEUE_F_EVFD flag). In this change, I have also modified the current evfd to make the file descriptor to make read operations non-blocking. Moreover, it keeps a counter that is used to know how many messages are inserted in the queue. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2009-01-15src: rework of the hash-cache infrastructurePablo Neira Ayuso
Currently, the caching system is implemented in a two layer architecture: hashtable (inner layer) and cache (upper layer). This patch reworks the hash-cache infrastructure to solve some initial design problems to make it more flexible, the main strong points of this patch are: * Memory handling is done in the cache layer, not in the inner hashtable layer. This removes one of the main dependencies between the hashtable and the cache classes. * Remove excessive encapsulation: the former cache used to hide a lot of details of the inner hashtable implementation. * Fix over-hashing of some operations: lookup-delete-add required three hash calculations. Similarly, the update-or-add operation required two hash calculations. Now, we calculate the hash once and re-use the value how many times as we need. This patch simplifies the caching system. As a result, we save ~130 lines of code. Small code means and less complexity means less chance to have bugs. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2008-12-21src: add network statistics via `-s network'Pablo Neira Ayuso
This patch adds networks statistics that you can check via `conntrackd -s network'. This information is useful for trouble-shooting. This patch replaces several log messages that can be triggered in runtime. The idea behind this patch is to avoid log message flooding under errors. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2008-12-13ftfw: shrink alive message sizePablo Neira Ayuso
This patch reduces the size of alive messages by removing the "from" and "to" fields which are not of any help. This patch also removes the IS_CTL() macro since it does not return true for the control messages anymore but only for IS_ACK(), IS_NACK() and IS_RESYNC(). Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2008-12-13network: do more strict message type checkingPablo Neira Ayuso
This patch adds more strict checking in the message type. We add a new message type NET_T_CTL for control messages. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2008-12-13ftfw: resync messages can be retransmittedPablo Neira Ayuso
This patch includes resync messages in the tx queue. Thus, if a resync message gets lost, it is resent. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2008-12-13ftfw: do not check for data messages in tx_queue_xmitPablo Neira Ayuso
This patch removes a IS_DATA(net) in tx_queue_xmit which is not possible to happen anymore since there are no chances to have data in the transmission queue (instead it is all in the transmission list). Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2008-12-13network: use NET_T_* instead of NFCT_Q_*Pablo Neira Ayuso
This patch replaces the use of NFCT_Q_* in the message type by specific network message type NET_T_*. The query types are reserved for libnetfilter_conntrack operations. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2008-12-08network: remove the netpld header from the messagesPablo Neira Ayuso
This patch simplifies the message format of the replication messages. As a result, we save four bytes. The netpld header was introduced in the early protocol design. Today, it does not have any reason to exist. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2008-12-08network: remove length parameter of mcast_buffered_send_netmsg()Pablo Neira Ayuso
This patch simplifies mcast_buffered_send_netmsg() by removing the length parameter. Instead, we use the length field in the nethdr to know the message size to be sent. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2008-11-26ftfw: remove useless ftfw_run invocation in the alive alarm handlerPablo Neira Ayuso
This patch removes a forced run of the transmission queue. This is not required since we currently have an event descriptor that indicates when to give a queue run to push pending messages. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2008-11-02network: add protocol version field (breaks backward compatibility)Pablo Neira Ayuso
This patch adds the version field (8-bits long) to the nethdr structure. This fields can be used to indicate the protocol version in case that we detect an incompatibility between two conntrackd daemons working with different protocol versions. Unfortunately, this patch breaks backward compatibility, ie. conntrackd <= 0.9.8 protocol is not compatible with the upcoming conntrackd >= 0.9.9. Better do this now than later. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2008-10-26ftfw: remove bottleneck in ack/nack handlingPablo Neira Ayuso
Since the resend list/queue contain elements in order, we can break looping once we find the first element that is after the ack/nack window. This patch fixes a bottleneck in the ack/nack handling reported by oprofile. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2008-10-26ftfw: add option `-v' to output debugging information (if any)Pablo Neira Ayuso
This patch introduces the option `-v' to show useful debugging information, if any. As for now, only sync-ftfw.c make use of it to display the content and the length of the resent list/queue. This is useful to check for message leaks. Other working modes or synchronization approaches may use it to display debugging information in the future. This patch removes _SIGNAL_DEBUG in sync-ftfw.c that was used for for the same purpose. However, it could only be enabled at compilation time and it uses signalling instead of the standard UNIX socket interface that conntrackd provides. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2008-09-25ftfw: reset window and flush the resend queue during helloingPablo Neira Ayuso
This fixes two bugs when a hello message is received: * We can create malformed nack messages during the helloing. We have to reset the acknowlegdment window, otherwise we may create malformed nack messages. * We have to empty the resend list/queue when a hello message is received, otherwise the entries get stuck to the resend queue once the sequence number wraps around. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2008-09-25ftfw: fix race condition in the helloing routinePablo Neira Ayuso
This patch fixes a race condition that can prevent one node from sending the initial hello message required to reset the sequence tracking. node A node B | | start | | hello msg |----------------------->| stop | | start | | |<-----------------------| hello-back msg In the picture above, the node A never sends the hello messages. Thus, the node B drops the next messages as they are in the before boundary. This patch adds a new state to the the helloing state-machine to fix this problem. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2008-09-25ftfw: fix race that triggers a double insertion into tx_listPablo Neira Ayuso
This patch fixes a race condition that can trigger a double insertion to the tx_list. This happens if we receive two resync request very close or resync just after a nack or vice-versa. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2008-09-21fix: remove node from tx_list when the state-entry is destroyPablo Neira Ayuso
This patches fixes a race that triggers a read-after-free access to the tx_list. The state-entry is destroyed but it is still in the list. The fix removes the state-entry from the tx_list in the destroy path. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2008-09-17cleanup: remove some debug messages from sync-ftfw.cPablo Neira Ayuso
Remove useless debug messages, now we have a pluging for tcpdump to debug the FT-FW protocol. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2008-09-16ftfw: check for malformed ack and nack messagesPablo Neira Ayuso
This patch checks that the [from, to] interval of ack and nack messages is OK. In other words, we check that: to >= from Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2008-05-26rework the HELLO logic inside FT-FWPablo Neira Ayuso
2008-05-25add eventfd emulation to communicate receiver -> senderPablo Neira Ayuso
2008-04-29Fix reorder possible reordering of destroy messages under message omission. ↵/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org
This patch introduces the TimeoutDestroy clause to determine how long a conntrack remains in the internal cache once it has been destroy from the kernel table.
2008-04-26rework of the FT-FW approach/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org
2008-03-08revert relicensing... still we use linux_list.h code which seems to be GPLv2 ↵/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org
only which is incompatible AFAIK
2008-03-08relicense conntrack-tools as GPLv3+, so far the most significant contributor ↵/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org
has been Max Kellermann and has no issues with relicensing their contributions.
2008-01-29implement a rb-tree based alarm framework/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org
2008-01-23Max Kellermann <max@duempel.org>:/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org
use size_t
2008-01-20Max Kellermann <max@duempel.org>:/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org
remove init_alarm() before add_alarm()
2008-01-20Based on patch from Max Kellermann <max@duempel.org>:/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org
merge mod_alarm() into add_alarm(), remove alarm_set_expiration()
2008-01-18yet another rework of the alarm scheduler/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org
2008-01-18Max Kellermann <max@duempel.org>:/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org
Simplify logging infrastructure
2008-01-17Max Kellermann <max@duempel.org>:/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org
import only required C headers and put local headers on top to check