[netfilter-cvslog] r3261 - trunk/netfilter-ha/ct_sync

hidden at netfilter.org hidden at netfilter.org
Tue Nov 2 00:26:10 CET 2004


Author: hidden at netfilter.org
Date: 2004-11-02 00:26:09 +0100 (Tue, 02 Nov 2004)
New Revision: 3261

Modified:
   trunk/netfilter-ha/ct_sync/ct_sync_main.c
   trunk/netfilter-ha/ct_sync/ct_sync_proto.c
Log:
- fix some gcc warnings
- fix seqno diff calculations (operator & instead of %)
- really subtract 1 from the sequence number received in
  a master announcement
- don't acquire the receive spin_lock of the receive ring when
  receiving messages, since that function is called only from
  the rcv thread
- when doing an initial synchronization dump entries conforming
  to our connmark-based policy
- don't stop timers of all conntrack entries when starting as
  a slave, this could lead to dead conntrack entries staying in
  the hash forever


Modified: trunk/netfilter-ha/ct_sync/ct_sync_main.c
===================================================================
--- trunk/netfilter-ha/ct_sync/ct_sync_main.c	2004-11-01 07:38:59 UTC (rev 3260)
+++ trunk/netfilter-ha/ct_sync/ct_sync_main.c	2004-11-01 23:26:09 UTC (rev 3261)
@@ -1083,7 +1083,12 @@
 	if (DIRECTION(h))
 		return 0;
 
-	if (likely(is_confirmed(ct))) {
+	if (likely(is_confirmed(ct)
+#ifdef CONFIG_IP_NF_CONNTRACK_MARK
+	    /* stop timer only if this is a synchronized connection */
+	    && test_bit(cmarkbit, &ct->mark)
+#endif
+	    )) {
 		char *buff;
 		struct cts_buff *csb;
 		buff = cts_proto_want_enqueue(cts_cfg.protoh, &csb, 
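Review bot: The `#ifdef CONFIG_IP_NF_CONNTRACK_MARK` block sits inside the argument list of `likely()`, which is a macro in the kernel; ISO C leaves preprocessor directives inside macro arguments undefined, so this relies on GCC tolerating it. Evaluating the condition into a local first keeps the same short-circuit order and lets the `if` read normally, as sketched below; the declaration would go with the function's other locals, which lie above the hunk. Whether `ct->mark` has the `unsigned long` type that `test_bit()` expects, and whether `cmarkbit` is range-checked where it is set, is not visible here and is worth confirming.

```c
	int synced = is_confirmed(ct) != 0;

#ifdef CONFIG_IP_NF_CONNTRACK_MARK
	/* stop timer only if this is a synchronized connection */
	if (synced)
		synced = test_bit(cmarkbit, &ct->mark);
#endif
	if (likely(synced)) {
		/* … unchanged: buff/csb declarations and cts_proto_want_enqueue() call … */
```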
@@ -1107,7 +1112,7 @@
 
 	CT_SYNC_ENTER();
 
-	(char *) hdr = cts_proto_want_enqueue(cts_cfg.protoh, &csb, CTMSG_SIZEOF(0));
+	hdr = (struct ct_sync_msghdr *) cts_proto_want_enqueue(cts_cfg.protoh, &csb, CTMSG_SIZEOF(0));
 	if (unlikely(!hdr)) {
 		CT_SYNC_ERR("unable to store create event\n");
 		return 1;
@@ -1841,7 +1846,10 @@
 		}
 	} else {
 		/* slave: stop timers of conntracks */
-		ct_sync_stop_timers();
+		/* FIXME: should we stop all timers on startup? This could cause
+		 * connections left in the hashes for an indefinite amount
+		 * of time... */
+		//ct_sync_stop_timers();
 
 		/* initsync request is handled by kernel thread */
 	}
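Review bot: The slave branch still opens with `/* slave: stop timers of conntracks */`, but after this change nothing in it stops a timer; the only statement left is the commented-out `//ct_sync_stop_timers();`. I would delete the dead call and reword the comment to state the new behaviour, for example `/* slave: conntrack timers are left running at startup, otherwise entries could stay in the hash indefinitely */`, keeping the FIXME only if the question is still open. The enclosing function starts above the hunk, so whether `ct_sync_stop_timers()` still has another caller is not visible here.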

Modified: trunk/netfilter-ha/ct_sync/ct_sync_proto.c
===================================================================
--- trunk/netfilter-ha/ct_sync/ct_sync_proto.c	2004-11-01 07:38:59 UTC (rev 3260)
+++ trunk/netfilter-ha/ct_sync/ct_sync_proto.c	2004-11-01 23:26:09 UTC (rev 3261)
@@ -109,7 +109,7 @@
 			cts_proto_statenames[state]);
 }
 
-char *cts_proto_get_state_name(struct cts_protoh *cph)
+const char *cts_proto_get_state_name(struct cts_protoh *cph)
 {
 	return cts_proto_statenames[atomic_read(&cph->state)];
 }
@@ -746,7 +746,7 @@
 {
 	int diff = cseq - seq + 0x18fff;
 
-	return (diff % 0x10000) - 0x8fff;
+	return (diff & 0xffff) - 0x8fff;
 }
 
 /* Recover lost packets
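Review bot: The constants `0x18fff` and `0x8fff` are undocumented and give an asymmetric result range: for 16-bit inputs the function returns values from -0x8fff to +0x7000, not the usual -0x8000 to +0x7fff. If that skew is intended it deserves a comment such as `/* signed distance cseq - seq modulo 2^16, range -0x8fff..0x7000 */`; if a symmetric window was meant, the pair would be `0x18000` and `0x8000`. Note also that `diff` is never negative when both arguments are 16-bit values, so `& 0xffff` and `% 0x10000` give the same result here. The signature is above the hunk, so the argument types are an assumption.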
@@ -791,7 +791,7 @@
 	bseq = ntohs(((struct cts_buff *)i)->pkt.hdr.pktseq);
 
 	/* check seqno of csr->backlog */
-	if (cts_seqno_cmp(bseq, (u16)((seq + 1) % 0xffff)) > 0) {
+	if (cts_seqno_cmp(bseq, (u16)((seq + 1) & 0xffff)) > 0) {
 		/* give up and request initsync */
 		CT_SYNC_DEBUG("recovery impossible: backlog begins at %d\n", bseq);
 		spin_unlock_bh(&csr->lock);
@@ -1043,7 +1043,7 @@
 
 			CT_SYNC_INFO("received out-of-sequence sync pkt "
 				     "(rcv:%u, exp:%u)\n",
-				     ntohs(csb->pkt.hdr.pktseq), csr->seqno+1);
+				     ntohs(csb->pkt.hdr.pktseq), csr->seqno + 1);
 			sdiff = cts_seqno_cmp(ntohs(csb->pkt.hdr.pktseq), 
 					      csr->seqno);
 
@@ -1105,8 +1105,8 @@
 			/* csr->seqno is last received seqno, thus we expect
 			 * csr->seqno+1 in next SYNC packet. Sender tells us
 			 * the sequence number it is about to send with the
-			 * next packet, so we need to subtract 1 ?!?  */
-			csr->seqno = ntohs(csb->pkt.hdr.pktseq);
+			 * next packet, so we need to subtract 1 */
+			csr->seqno = ntohs(csb->pkt.hdr.pktseq) - 1;
 			break;
 		}
 		ret = CTS_PROTO_RCV_MASTERANN;
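Review bot: `ntohs(csb->pkt.hdr.pktseq) - 1` is evaluated as an int, so an announcement carrying sequence number 0 produces -1, and whether that ends up as 0xffff depends on the type of `csr->seqno`, which is declared outside this diff. Making the wrap explicit removes the doubt and matches the `(u16)` cast used in the backlog check: `csr->seqno = (u16)(ntohs(csb->pkt.hdr.pktseq) - 1);`. The value comes straight from a received packet, so the wrap case should not be treated as unreachable.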
@@ -1197,24 +1197,26 @@
 	struct csb_ring *csr = &cph->recv.ring;
 	struct cts_buff *csb = (struct cts_buff *) csr->sent;
 	struct ct_sync_msghdr *msghdr;
+	int advance_pkt = 0;
+	unsigned int msglen;
 
 	CT_SYNC_ENTER();
 
 	/* FIXME: clean up locking, should the receive ring's spinlock
 	 * used at all? */
-	spin_lock(&csr->lock);
+	//spin_lock(&csr->lock);
 
 	csr_print(csr);
 
 	while (1) {
 		DUMP_CTS_BUFF(csb);
-		if (csb->parsed >= csb->tail) {
-			/* end of packet reached, advance to next packet */
+		if (advance_pkt) {
+			/* advance to next packet if requested */
 			init_csb(csb);
 			if (csr->sent == csr->cur) {
 				/* no more to-be-received packets */
 				CT_SYNC_DEBUG("no more pkts\n");
-				spin_unlock(&csr->lock);
+				//spin_unlock(&csr->lock);
 				CT_SYNC_LEAVE();
 				return NULL;
 			}
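Review bot: The lock calls are commented out (`//spin_lock(&csr->lock);` and `//spin_unlock(&csr->lock);` in this hunk, and one more `//spin_unlock(&csr->lock);` in the next hunk) rather than removed, while the FIXME above still asks whether the lock is needed. If the receive ring is touched only by the rcv thread, delete the calls and replace the FIXME with the invariant, e.g. `/* no locking: the receive ring is only accessed from the rcv thread */`. The loop compares `csr->sent` with `csr->cur`, and the backlog check earlier in this file releases `csr->lock` with `spin_unlock_bh()`. If that is the same ring and anything outside the rcv thread advances `csr->cur`, dropping the lock here opens a race, so the claim is worth verifying against the code that fills the ring. The function begins above the hunk.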
@@ -1225,24 +1227,41 @@
 			csb = (struct cts_buff *) csr->sent;
 			csr_print(csr);
 			DUMP_CTS_BUFF(csb);
+			advance_pkt = 0;
 		}
 
+		if (csb->parsed >= csb->tail) {
+			CT_SYNC_DEBUG("end of packet reached\n");
+			advance_pkt = 1;
+			continue;
+		}
+
 		if ((csb->tail - csb->parsed) < sizeof(*msghdr)) {
 			/* no full msghdr ?!?,advance */
 			CT_SYNC_DEBUG("no full msghdr\n");
+			advance_pkt = 1;
 			continue;
 		}
 
 		msghdr = (struct ct_sync_msghdr *) csb->parsed;
+		msglen = (__u16)ntohs(msghdr->len) + sizeof(*msghdr);
+
+		if ((csb->tail - csb->parsed) < msglen) {
+			/* packet is likely to be corrupted or truncated, advance */
+			CT_SYNC_DEBUG("truncated message\n");
+			advance_pkt = 1;
+			continue;
+		}
+
+		csb->parsed += msglen;
 		*hdr = &csb->pkt.hdr;
-		csb->parsed += ntohs(msghdr->len)+sizeof(*msghdr);
 		break;
 	}
 
 	CT_SYNC_ASSERT(msghdr);
 
 	csr_print(csr);
-	spin_unlock(&csr->lock);
+	//spin_unlock(&csr->lock);
 
 	if (unlikely(msghdr->type == CT_SYNC_MSG_UPDATE
 	             && msghdr->flags & CTS_UPD_F_INITSYNC
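Review bot: Both rejection paths (`no full msghdr` and the new `truncated message`) drop the rest of the packet and report it only through `CT_SYNC_DEBUG`, which is presumably compiled out of non-debug builds, so a peer sending malformed lengths would go unnoticed. Since `msghdr->len` is read from the network, I would log these at a visible but rate-limited level, e.g. `if (net_ratelimit()) CT_SYNC_INFO("truncated sync message (len %u)\n", msglen);`, or count them in a statistic. The new check bounds `msglen` against the bytes left in the packet; whether the per-type handling after the loop also checks that `len` is large enough for the message type is outside this hunk.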



