[netfilter-cvslog] r3992 - in branches/netfilter-ha: linux-2.6/ct_sync linux-2.6/patches linux-2.6-actact/ct_sync

laforge at netfilter.org laforge at netfilter.org
Thu Jun 23 11:10:10 CEST 2005 

Author: laforge at netfilter.org
Date: 2005-06-23 11:10:09 +0200 (Thu, 23 Jun 2005)
New Revision: 3992

Modified:
   branches/netfilter-ha/linux-2.6-actact/ct_sync/ct_sync_main.c
   branches/netfilter-ha/linux-2.6/ct_sync/ct_sync_main.c
   branches/netfilter-ha/linux-2.6/patches/ct_sync_config_and_makefile.patch
Log:

introduce new CONFIG_IP_NF_CONNTRACK_SYNC_MARKED option instead of implicitly
only syncing connection with a certain cmarkbit when CONNMARK is compiled in


Modified: branches/netfilter-ha/linux-2.6/ct_sync/ct_sync_main.c
===================================================================
--- branches/netfilter-ha/linux-2.6/ct_sync/ct_sync_main.c	2005-06-23 09:00:47 UTC (rev 3991)
+++ branches/netfilter-ha/linux-2.6/ct_sync/ct_sync_main.c	2005-06-23 09:10:09 UTC (rev 3992)
@@ -76,7 +76,7 @@
 static int notrack = 1;
 module_param(notrack, int, 0000);
 
-#ifdef CONFIG_IP_NF_CONNTRACK_MARK
+#ifdef CONFIG_IP_NF_CONNTRACK_SYNC_MARKED
 static int cmarkbit = sizeof(unsigned long) * 8 - 1;
 module_param(cmarkbit, int, 0000);
 #endif
@@ -495,7 +495,7 @@
 
 	(*num)++;
 	if (is_confirmed(ct)
-#ifdef CONFIG_IP_NF_CONNTRACK_MARK
+#ifdef CONFIG_IP_NF_CONNTRACK_SYNC_MARKED
 	    /* stop timer only if this is a synchronized connection */
 	    && test_bit(cmarkbit, &ct->mark)
 #endif
@@ -1169,7 +1169,7 @@
 		return 0;
 
 	if (likely(is_confirmed(ct)
-#ifdef CONFIG_IP_NF_CONNTRACK_MARK
+#ifdef CONFIG_IP_NF_CONNTRACK_SYNC_MARKED
 	    /* send only if this is a synchronized connection */
 	    && test_bit(cmarkbit, &ct->mark)
 #endif
@@ -1326,7 +1326,7 @@
 
 	if (cts_proto_is_master(cts_cfg.protoh) 
 		   && is_confirmed(ct)
-#ifdef CONFIG_IP_NF_CONNTRACK_MARK
+#ifdef CONFIG_IP_NF_CONNTRACK_SYNC_MARKED
 		   /* generate a message only if the conntrack is synchronized */
 		   && test_bit(cmarkbit, &ct->mark)
 #endif
@@ -1358,7 +1358,7 @@
 
 	if (cts_proto_is_master(cts_cfg.protoh) 
 		   && is_confirmed(ct)
-#ifdef CONFIG_IP_NF_CONNTRACK_MARK
+#ifdef CONFIG_IP_NF_CONNTRACK_SYNC_MARKED
 		   /* generate a message only if the conntrack is to be
 		    * synchronized */
 		   && test_bit(cmarkbit, &ct->mark)
@@ -1758,7 +1758,7 @@
 			sizeof(struct ct_sync_pkthdr));
 	CT_SYNC_DEBUG("ct_sync_msghdr: %d bytes\n", 
 			sizeof(struct ct_sync_msghdr));
-#ifdef CONFIG_IP_NF_CONNTRACK_MARK
+#ifdef CONFIG_IP_NF_CONNTRACK_SYNC_MARKED
 	CT_SYNC_DEBUG("cmarkbit: %d\n", cmarkbit);
 #endif
 
@@ -1850,11 +1850,11 @@
 	printk(KERN_NOTICE "netfilter conntrack_sync version %s loaded\n",
 	       CT_SYNC_VERSION);
 	CT_SYNC_INFO("parameters: syncdev='%s' l2drop=%u notrack=%u"
-#ifdef CONFIG_IP_NF_CONNTRACK_MARK
+#ifdef CONFIG_IP_NF_CONNTRACK_SYNC_MARKED
 		     " cmarkbit=%u"
 #endif
 		     "\n", syncdev, l2drop, notrack
-#ifdef CONFIG_IP_NF_CONNTRACK_MARK
+#ifdef CONFIG_IP_NF_CONNTRACK_SYNC_MARKED
 		     , cmarkbit
 #endif
 		     );

Modified: branches/netfilter-ha/linux-2.6/patches/ct_sync_config_and_makefile.patch
===================================================================
--- branches/netfilter-ha/linux-2.6/patches/ct_sync_config_and_makefile.patch	2005-06-23 09:00:47 UTC (rev 3991)
+++ branches/netfilter-ha/linux-2.6/patches/ct_sync_config_and_makefile.patch	2005-06-23 09:10:09 UTC (rev 3992)
@@ -22,7 +22,7 @@
 ===================================================================
 --- linux-2.6.9.orig/net/ipv4/netfilter/Kconfig	2004-12-10 00:10:57.000000000 +0100
 +++ linux-2.6.9/net/ipv4/netfilter/Kconfig	2004-12-15 22:03:22.000000000 +0100
-@@ -718,5 +718,15 @@
+@@ -718,5 +718,22 @@
  	  
  	  IF unsure, say `N'.
  
@@ -36,5 +36,12 @@
 +
 +	  If unsure, say `N'.
 +
++config IP_NF_CONNTRACK_SYNC_MARKED
++	depends on IP_NF_CT_SYNC && IP_NF_CONNTRACK_MARK
++	help
++	  This option enables the 'cmarkbit' option of ct_sync.  This means that
++	  only connections marked with a certain bit in CONNMARK will synced, instead
++	  of syncing _all_ conntracks by default.
++
  endmenu
  

Modified: branches/netfilter-ha/linux-2.6-actact/ct_sync/ct_sync_main.c
===================================================================
--- branches/netfilter-ha/linux-2.6-actact/ct_sync/ct_sync_main.c	2005-06-23 09:00:47 UTC (rev 3991)
+++ branches/netfilter-ha/linux-2.6-actact/ct_sync/ct_sync_main.c	2005-06-23 09:10:09 UTC (rev 3992)
@@ -105,7 +105,7 @@
 		char syncdev[IFNAMSIZ];		/* sync device */
 		unsigned long send_burst;
 		unsigned long recv_burst;
-#ifdef CONFIG_IP_NF_CONNTRACK_MARK
+#ifdef CONFIG_IP_NF_CONNTRACK_SYNC_MARKED
 		unsigned long cmarkbit;
 #endif
 	} config;
@@ -132,7 +132,7 @@
 	struct cts_inst_attribute addr_attr;
 	struct cts_inst_attribute active_attr;
 	struct cts_inst_attribute syncdev_attr;
-#ifdef CONFIG_IP_NF_CONNTRACK_MARK
+#ifdef CONFIG_IP_NF_CONNTRACK_SYNC_MARKED
 	struct cts_inst_attribute cmarkbit_attr;
 #endif
 	struct cts_inst_attribute sendburst_attr;
@@ -536,7 +536,7 @@
 
 	(*num)++;
 	if (is_confirmed(ct)
-#ifdef CONFIG_IP_NF_CONNTRACK_MARK
+#ifdef CONFIG_IP_NF_CONNTRACK_SYNC_MARKED
 	    /* stop timer only if this is a synchronized connection */
 	    && test_bit(ctsi->config.cmarkbit, &ct->mark)
 #endif
@@ -1013,7 +1013,7 @@
 		return 0;
 
 	if (likely(is_confirmed(ct)
-#ifdef CONFIG_IP_NF_CONNTRACK_MARK
+#ifdef CONFIG_IP_NF_CONNTRACK_SYNC_MARKED
 	    /* send only if this is a synchronized connection */
 	    && test_bit(ctsi->config.cmarkbit, &ct->mark)
 #endif
@@ -1187,7 +1187,7 @@
 	list_for_each_entry(ctsi, &ct_sync_instances, list) {
 
 		if (cts_proto_is_master(ctsi->protoh) 
-#ifdef CONFIG_IP_NF_CONNTRACK_MARK
+#ifdef CONFIG_IP_NF_CONNTRACK_SYNC_MARKED
 			   /* generate a message only if the conntrack is synchronized */
 			   && test_bit(ctsi->config.cmarkbit, &ct->mark)
 #endif
@@ -1227,7 +1227,7 @@
 	read_lock(&ctsync_lock);
 	list_for_each_entry(ctsi, &ct_sync_instances, list) {
 		if (cts_proto_is_master(ctsi->protoh) 
-#ifdef CONFIG_IP_NF_CONNTRACK_MARK
+#ifdef CONFIG_IP_NF_CONNTRACK_SYNC_MARKED
 			   /* generate a message only if the conntrack is to be
 			    * synchronized */
 			   && test_bit(ctsi->config.cmarkbit, &ct->mark)
@@ -1277,7 +1277,7 @@
 	read_lock(&ctsync_lock);
 	list_for_each_entry(ctsi, &ct_sync_instances, list) {
 		if (likely(cts_proto_is_master(ctsi->protoh)
-#ifdef CONFIG_IP_NF_CONNTRACK_MARK
+#ifdef CONFIG_IP_NF_CONNTRACK_SYNC_MARKED
 		    && test_bit(ctsi->config.cmarkbit, &master_ct->mark)
 #endif
 		    && is_confirmed(master_ct))) {
@@ -1312,7 +1312,7 @@
 	read_lock(&ctsync_lock);
 	list_for_each_entry(ctsi, &ct_sync_instances, list) {
 		if (likely(cts_proto_is_master(ctsi->protoh) 
-#ifdef CONFIG_IP_NF_CONNTRACK_MARK
+#ifdef CONFIG_IP_NF_CONNTRACK_SYNC_MARKED
 		    && test_bit(ctsi->config.cmarkbit, &master_ct->mark)
 #endif
 		    && is_confirmed(master_ct))) {
@@ -1850,7 +1850,7 @@
 	return len;
 }
 
-#ifdef CONFIG_IP_NF_CONNTRACK_MARK
+#ifdef CONFIG_IP_NF_CONNTRACK_SYNC_MARKED
 static ssize_t sysfs_cmarkbit_show(struct ct_sync_instance *ctsi,
 				   char *buf)
 {
@@ -2060,7 +2060,7 @@
 	if (ret < 0)
 		goto out_sysfs_sendburst;
 
-#ifdef CONFIG_IP_NF_CONNTRACK_MARK
+#ifdef CONFIG_IP_NF_CONNTRACK_SYNC_MARKED
 	CTSI_ATTR_INIT(ctsi->cmarkbit_attr, "cmarkbit", 0640,
 			sysfs_cmarkbit_show, sysfs_cmarkbit_store);
 	ret = sysfs_create_file(&ctsi->kobj, &ctsi->cmarkbit_attr.attr);

More information about the netfilter-cvslog mailing list