[netfilter-cvslog] r3596 - branches/netfilter-ha/linux-2.6/ct_sync

hidden at netfilter.org hidden at netfilter.org
Thu Jan 13 00:04:51 CET 2005 

Author: hidden at netfilter.org
Date: 2005-01-13 00:04:50 +0100 (Thu, 13 Jan 2005)
New Revision: 3596

Modified:
   branches/netfilter-ha/linux-2.6/ct_sync/ct_sync_main.c
Log:
Revision: hidden at sch.bme.hu--2005-public/netfilter-ha--mainline--1.0--patch-18

Removed direct DUMP_TUPLE calls and reorder notifier callback checks.

* ct_sync/ct_sync_main.c (ct_sync_msg_process_update_ct): does not call
  DUMP_TUPLE() directly, but uses CT_SYNC_DUMP_TUPLE instead
  (ct_sync_notify): reorder checking of event bits


Modified: branches/netfilter-ha/linux-2.6/ct_sync/ct_sync_main.c
===================================================================
--- branches/netfilter-ha/linux-2.6/ct_sync/ct_sync_main.c	2005-01-12 23:04:45 UTC (rev 3595)
+++ branches/netfilter-ha/linux-2.6/ct_sync/ct_sync_main.c	2005-01-12 23:04:50 UTC (rev 3596)
@@ -264,12 +264,12 @@
 				    &sct->orig, sizeof(sct->orig)) == 0);
 		CT_SYNC_ASSERT(memcmp(&ct->tuplehash[IP_CT_DIR_REPLY].tuple,
 				    &sct->reply, sizeof(sct->reply)) == 0);
-		//CT_SYNC_DUMP_TUPLE(&sct->orig);
-		//CT_SYNC_DUMP_TUPLE(&sct->reply);
+		CT_SYNC_DUMP_TUPLE(&sct->orig);
+		CT_SYNC_DUMP_TUPLE(&sct->reply);
 	}
 
-	//CT_SYNC_DUMP_TUPLE(&ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple);
-	//CT_SYNC_DUMP_TUPLE(&ct->tuplehash[IP_CT_DIR_REPLY].tuple);
+	CT_SYNC_DUMP_TUPLE(&ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple);
+	CT_SYNC_DUMP_TUPLE(&ct->tuplehash[IP_CT_DIR_REPLY].tuple);
 
 	/* timeout */
 	if (!timer_pending(&ct->timeout)) {
@@ -292,20 +292,6 @@
 	/* FIXME: have to look up the master_ct by tuple and then iterate
 	 * over ip_conntrack_expect's in order to link with the correct
 	 * expect */
-#if 0
-	if (sct->exp_master) {
-		struct ip_conntrack_expect *expect;
-		idmap = ct_sync_idmap_find(sct->exp_master);
-		if (!idmap) {
-			CT_SYNC_ERR("Unknown master expectation, ignoring.\n");
-		} else {
-			expect = idmap->ptr;
-			ct->master = expect;
-			expect->sibling = ct;
-			/* FIXME: delete expect from expect list and decrease expectant's count */
-		}
-	}
-#endif
 
 	/* conntrack helper */
 	if (unlikely(sct->helper[0] != '\0')) {
@@ -347,7 +333,7 @@
 		CT_SYNC_DEBUG("NAT initialized: %x, new value %x\n", nat->initialized,
 				sct->nat_initialized);
 
-		if (new) {
+		if (new && sct->nat_initialized) {
 			nat->initialized = sct->nat_initialized;
 			/* do not set .conntrack, place_in_hashes will do */
 			nat->num_manips = sct->nat_num_manips;
@@ -581,20 +567,20 @@
 	if (unlikely(h && msghdr->flags & CTS_UPD_F_NEW)) {
 		CTS_STAT_INC(rx.upd_newbutexist);
 		CT_SYNC_DEBUG("received NEW conntrack, but we already know it: ");
-		DUMP_TUPLE(&sct->orig);
+		CT_SYNC_DUMP_TUPLE(&sct->orig);
 	} else if (unlikely(!h && !(msghdr->flags & CTS_UPD_F_NEW))) {
 		CTS_STAT_INC(rx.upd_nothere);
 		CT_SYNC_DEBUG("received UPD conntrack, but we don't know it: ");
-		DUMP_TUPLE(&sct->orig);
+		CT_SYNC_DUMP_TUPLE(&sct->orig);
 	}
 
 	_ct_sync_update_conntrack(ct, sct, new);
 
-	ip_conntrack_put(ct);
-
 	CT_SYNC_DEBUG("%s conntrack: ", new ? "new" : "upd");
 	CT_SYNC_DUMP_TUPLE(&ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple);
 
+	ip_conntrack_put(ct);
+
 	CT_SYNC_LEAVE();
 
 	return 0;
@@ -1124,7 +1110,7 @@
 				ct_sync_start_initsync(cts_cfg.protoh);
 				break;
 			default:
-				/* the protocol layer handled other cases, 
+				/* the protocol layer handled other cases,
 				   and dropped the packet */
 				break;
 			}
@@ -1456,23 +1442,31 @@
 
 static int
 ct_sync_notify(struct notifier_block *this,
-	       unsigned long events, void *ct)
+	       unsigned long events, void *conntrack)
 {
-	if ((struct ip_conntrack *)ct == &ip_conntrack_untracked)
+	struct ip_conntrack *ct = (struct ip_conntrack *) conntrack;
+
+	/* ignore our fake conntrack entry */
+	if (ct == &ip_conntrack_untracked)
 		return NOTIFY_DONE;
 
-	if (events & IPCT_NEW) {
+	if (events & IPCT_DESTROY) {
+		ct_sync_destroy((struct ip_conntrack *)ct);
+
+	} else if (events & (IPCT_NEW | IPCT_RELATED)) {
 		ct_sync_create((struct ip_conntrack *)ct, 1);
 
-	} else if (events & (IPCT_STATUS | IPCT_PROTOINFO |
-		      IPCT_HELPINFO | IPCT_NATINFO)) {
+	} else if (events & (IPCT_STATUS |
+			     IPCT_PROTOINFO |
+			     IPCT_HELPER |
+			     IPCT_HELPINFO |
+			     IPCT_NATINFO)) {
 		ct_sync_create((struct ip_conntrack *)ct, 0);
-
-	} else if (events & IPCT_DESTROY) {
-		ct_sync_destroy((struct ip_conntrack *)ct);
-
 	}
 
+	/* FIXME: make it possible to optionally synchronize volatile
+	 * events */
+
 	return NOTIFY_DONE;
 }

More information about the netfilter-cvslog mailing list