[netfilter-cvslog] r3261 - trunk/netfilter-ha/ct_sync
hidden at netfilter.org
hidden at netfilter.org
Tue Nov 2 00:26:10 CET 2004
Author: hidden at netfilter.org
Date: 2004-11-02 00:26:09 +0100 (Tue, 02 Nov 2004)
New Revision: 3261
Modified:
trunk/netfilter-ha/ct_sync/ct_sync_main.c
trunk/netfilter-ha/ct_sync/ct_sync_proto.c
Log:
- fix some gcc warnings
- fix seqno diff calculations (operator & instead of %)
- really substract 1 from the sequence number received in
a master announcement
- don't acquire the receive spin_lock of the receive ring when
receiving messages, since that function is called only from
the rcv thread
- when doing an initial synchronization dump entries conforming
to our connmark-based policy
- don't stop timers of all conntrack entries when starting as
a slave, this could lead to dead conntrack entries staying in
the hash forever
Modified: trunk/netfilter-ha/ct_sync/ct_sync_main.c
===================================================================
--- trunk/netfilter-ha/ct_sync/ct_sync_main.c 2004-11-01 07:38:59 UTC (rev 3260)
+++ trunk/netfilter-ha/ct_sync/ct_sync_main.c 2004-11-01 23:26:09 UTC (rev 3261)
@@ -1083,7 +1083,12 @@
if (DIRECTION(h))
return 0;
- if (likely(is_confirmed(ct))) {
+ if (likely(is_confirmed(ct)
+#ifdef CONFIG_IP_NF_CONNTRACK_MARK
+ /* stop timer only if this is a synchronized connection */
+ && test_bit(cmarkbit, &ct->mark)
+#endif
+ )) {
char *buff;
struct cts_buff *csb;
buff = cts_proto_want_enqueue(cts_cfg.protoh, &csb,
@@ -1107,7 +1112,7 @@
CT_SYNC_ENTER();
- (char *) hdr = cts_proto_want_enqueue(cts_cfg.protoh, &csb, CTMSG_SIZEOF(0));
+ hdr = (struct ct_sync_msghdr *) cts_proto_want_enqueue(cts_cfg.protoh, &csb, CTMSG_SIZEOF(0));
if (unlikely(!hdr)) {
CT_SYNC_ERR("unable to store create event\n");
return 1;
@@ -1841,7 +1846,10 @@
}
} else {
/* slave: stop timers of conntracks */
- ct_sync_stop_timers();
+ /* FIXME: should we stop all timers on startup? This could cause
+ * connections left in the hashes for an indefinite amount
+ * of time... */
+ //ct_sync_stop_timers();
/* initsync request is handled by kernel thread */
}
Modified: trunk/netfilter-ha/ct_sync/ct_sync_proto.c
===================================================================
--- trunk/netfilter-ha/ct_sync/ct_sync_proto.c 2004-11-01 07:38:59 UTC (rev 3260)
+++ trunk/netfilter-ha/ct_sync/ct_sync_proto.c 2004-11-01 23:26:09 UTC (rev 3261)
@@ -109,7 +109,7 @@
cts_proto_statenames[state]);
}
-char *cts_proto_get_state_name(struct cts_protoh *cph)
+const char *cts_proto_get_state_name(struct cts_protoh *cph)
{
return cts_proto_statenames[atomic_read(&cph->state)];
}
@@ -746,7 +746,7 @@
{
int diff = cseq - seq + 0x18fff;
- return (diff % 0x10000) - 0x8fff;
+ return (diff & 0xffff) - 0x8fff;
}
/* Recover lost packets
@@ -791,7 +791,7 @@
bseq = ntohs(((struct cts_buff *)i)->pkt.hdr.pktseq);
/* check seqno of csr->backlog */
- if (cts_seqno_cmp(bseq, (u16)((seq + 1) % 0xffff)) > 0) {
+ if (cts_seqno_cmp(bseq, (u16)((seq + 1) & 0xffff)) > 0) {
/* give up and request initsync */
CT_SYNC_DEBUG("recovery impossible: backlog begins at %d\n", bseq);
spin_unlock_bh(&csr->lock);
@@ -1043,7 +1043,7 @@
CT_SYNC_INFO("received out-of-sequence sync pkt "
"(rcv:%u, exp:%u)\n",
- ntohs(csb->pkt.hdr.pktseq), csr->seqno+1);
+ ntohs(csb->pkt.hdr.pktseq), csr->seqno + 1);
sdiff = cts_seqno_cmp(ntohs(csb->pkt.hdr.pktseq),
csr->seqno);
@@ -1105,8 +1105,8 @@
/* csr->seqno is last received seqno, thus we expect
* csr->seqno+1 in next SYNC packet. Sender tells us
* the sequence number it is about to send with the
- * next packet, so we need to subtract 1 ?!? */
- csr->seqno = ntohs(csb->pkt.hdr.pktseq);
+ * next packet, so we need to subtract 1 */
+ csr->seqno = ntohs(csb->pkt.hdr.pktseq) - 1;
break;
}
ret = CTS_PROTO_RCV_MASTERANN;
@@ -1197,24 +1197,26 @@
struct csb_ring *csr = &cph->recv.ring;
struct cts_buff *csb = (struct cts_buff *) csr->sent;
struct ct_sync_msghdr *msghdr;
+ int advance_pkt = 0;
+ unsigned int msglen;
CT_SYNC_ENTER();
/* FIXME: clean up locking, should the receive ring's spinlock
* used at all? */
- spin_lock(&csr->lock);
+ //spin_lock(&csr->lock);
csr_print(csr);
while (1) {
DUMP_CTS_BUFF(csb);
- if (csb->parsed >= csb->tail) {
- /* end of packet reached, advance to next packet */
+ if (advance_pkt) {
+ /* advance to next packet if requested */
init_csb(csb);
if (csr->sent == csr->cur) {
/* no more to-be-received packets */
CT_SYNC_DEBUG("no more pkts\n");
- spin_unlock(&csr->lock);
+ //spin_unlock(&csr->lock);
CT_SYNC_LEAVE();
return NULL;
}
@@ -1225,24 +1227,41 @@
csb = (struct cts_buff *) csr->sent;
csr_print(csr);
DUMP_CTS_BUFF(csb);
+ advance_pkt = 0;
}
+ if (csb->parsed >= csb->tail) {
+ CT_SYNC_DEBUG("end of packet reached\n");
+ advance_pkt = 1;
+ continue;
+ }
+
if ((csb->tail - csb->parsed) < sizeof(*msghdr)) {
/* no full msghdr ?!?,advance */
CT_SYNC_DEBUG("no full msghdr\n");
+ advance_pkt = 1;
continue;
}
msghdr = (struct ct_sync_msghdr *) csb->parsed;
+ msglen = (__u16)ntohs(msghdr->len) + sizeof(*msghdr);
+
+ if ((csb->tail - csb->parsed) < msglen) {
+ /* packet is likely to be corrupted or truncated, advance */
+ CT_SYNC_DEBUG("truncated message\n");
+ advance_pkt = 1;
+ continue;
+ }
+
+ csb->parsed += msglen;
*hdr = &csb->pkt.hdr;
- csb->parsed += ntohs(msghdr->len)+sizeof(*msghdr);
break;
}
CT_SYNC_ASSERT(msghdr);
csr_print(csr);
- spin_unlock(&csr->lock);
+ //spin_unlock(&csr->lock);
if (unlikely(msghdr->type == CT_SYNC_MSG_UPDATE
&& msghdr->flags & CTS_UPD_F_INITSYNC
More information about the netfilter-cvslog
mailing list