[netfilter-cvslog] r3572 - branches/netfilter-ha/linux-2.6/ct_sync

hidden at netfilter.org hidden at netfilter.org
Wed Jan 5 00:32:25 CET 2005 

Author: hidden at netfilter.org
Date: 2005-01-05 00:32:25 +0100 (Wed, 05 Jan 2005)
New Revision: 3572

Modified:
   branches/netfilter-ha/linux-2.6/ct_sync/ct_sync_main.c
Log:
Revision: hidden at sch.bme.hu--2005-public/netfilter-ha--mainline--1.0--patch-8

Make internal notrack functionality optional (enabled by default)

* ct_sync/ct_sync_main.c (init_or_cleanup): implement a new 'notrack'
  module parameter, can be used to disable notrack hook registration


Modified: branches/netfilter-ha/linux-2.6/ct_sync/ct_sync_main.c
===================================================================
--- branches/netfilter-ha/linux-2.6/ct_sync/ct_sync_main.c	2005-01-04 22:59:14 UTC (rev 3571)
+++ branches/netfilter-ha/linux-2.6/ct_sync/ct_sync_main.c	2005-01-04 23:32:25 UTC (rev 3572)
@@ -76,6 +76,8 @@
 module_param(l2drop, int, 0000);
 static int cmarkbit = sizeof(unsigned long) * 8 - 1;
 module_param(cmarkbit, int, 0000);
+static int notrack = 1;
+module_param(notrack, int, 0000);
 
 /* thread wait queue heads */
 static DECLARE_WAIT_QUEUE_HEAD(ct_sync_rcv_wait);
@@ -1756,7 +1758,7 @@
 	cts_cfg.addr.sin_addr.s_addr = 
 			__constant_htonl(0xe0000052); /* 224.0.0.82 */
 
-	/* Get ifindex of the sync device, used by the l2drop hook */
+	/* Get ifindex of the sync device, used by the notrack and l2drop hook */
 	if ((sync_netdev = dev_get_by_name(cts_cfg.devname)) != NULL) {
 		cts_cfg.ifindex = sync_netdev->ifindex;
 		dev_put(sync_netdev);
@@ -1778,10 +1780,15 @@
 
 	/* Register hooks first, make sure not even the first sync packet gets
 	 * tracked */
-	if (nf_register_hook(&cts_hook_ops[0]) < 0)
-		goto error_proto;
-	if (nf_register_hook(&cts_hook_ops[1]) < 0)
-		goto error_hook0;
+	if (notrack) {
+		if (nf_register_hook(&cts_hook_ops[0]) < 0)
+			goto error_proto;
+		if (nf_register_hook(&cts_hook_ops[1]) < 0)
+			goto error_hook0;
+	} else {
+		printk(KERN_NOTICE "WARNING: ct_sync internal notrack disabled\n");
+	}
+
 	if (l2drop) {
 		if (nf_register_hook(&cts_hook_ops[2]) < 0)
 			goto error_hook1;
@@ -1852,8 +1859,8 @@
 	/* Now we have all of our infrastructure up and running */
 	printk(KERN_NOTICE "netfilter conntrack_sync version %s loaded\n",
 	       CT_SYNC_VERSION);
-	CT_SYNC_INFO("parameters: 'syncdev=%s l2drop=%u'\n",
-		     syncdev, l2drop);
+	CT_SYNC_INFO("parameters: 'syncdev=%s l2drop=%u notrack=%u'\n",
+		     syncdev, l2drop, notrack);
 
         return 0;
 
@@ -1890,9 +1897,11 @@
 	if (l2drop)
 		nf_unregister_hook(&cts_hook_ops[2]);
 error_hook1:
-	nf_unregister_hook(&cts_hook_ops[1]);
+	if (notrack)
+		nf_unregister_hook(&cts_hook_ops[1]);
 error_hook0:
-	nf_unregister_hook(&cts_hook_ops[0]);
+	if (notrack)
+		nf_unregister_hook(&cts_hook_ops[0]);
 error_proto:
 	cts_proto_cleanup(cts_cfg.protoh);
 	/* make sure all conntrack timers are running */

More information about the netfilter-cvslog mailing list