[netfilter-cvslog] r4305 - in
branches/netfilter-ha/linux-2.6-actact: ct_sync patches
laforge at netfilter.org
laforge at netfilter.org
Sun Sep 25 17:27:01 CEST 2005
Author: laforge at netfilter.org
Date: 2005-09-25 17:26:59 +0200 (Sun, 25 Sep 2005)
New Revision: 4305
Modified:
branches/netfilter-ha/linux-2.6-actact/ct_sync/TODO
branches/netfilter-ha/linux-2.6-actact/ct_sync/ct_sync.h
branches/netfilter-ha/linux-2.6-actact/ct_sync/ct_sync_main.c
branches/netfilter-ha/linux-2.6-actact/ct_sync/ct_sync_proto.c
branches/netfilter-ha/linux-2.6-actact/patches/ct_sync_config_and_makefile.patch
Log:
lots of uncommitted stuff.
mainly this adds the (optional) timestamp comparison code.
Modified: branches/netfilter-ha/linux-2.6-actact/ct_sync/TODO
===================================================================
--- branches/netfilter-ha/linux-2.6-actact/ct_sync/TODO 2005-09-24 22:20:21 UTC (rev 4304)
+++ branches/netfilter-ha/linux-2.6-actact/ct_sync/TODO 2005-09-25 15:26:59 UTC (rev 4305)
@@ -1,4 +1,10 @@
+VRRP:
- refcounting (kobjects / sysfs)
- locking of sysfs-accessible parameters
-- mark connections to know which cluster belongs to them
+- testing, testing, testing
+real active-active:
+- make slave track multiple masters (sequence numbers, ...)
+- include timestamp in every message
+- save last timestamp in local conntrack
+- only update conntracks where timestamp_sync > timestamp_local
Modified: branches/netfilter-ha/linux-2.6-actact/ct_sync/ct_sync.h
===================================================================
--- branches/netfilter-ha/linux-2.6-actact/ct_sync/ct_sync.h 2005-09-24 22:20:21 UTC (rev 4304)
+++ branches/netfilter-ha/linux-2.6-actact/ct_sync/ct_sync.h 2005-09-25 15:26:59 UTC (rev 4305)
@@ -57,7 +57,7 @@
{
__u8 version; /* version number */
__u8 pkttype; /* type of packet: sync/NACK */
- __u8 __reserved1; /* id of the sender node */
+ __u8 __reserved1; /* vers1: id of sender node */
__u8 count; /* number of msgs in packet */
__u16 pktseq; /* packet sequence number */
__u16 minseq; /* min seqno master has */
@@ -80,6 +80,7 @@
enum ct_sync_pkt_flag_t
{
CT_SYNC_PKT_F_RECOVER = 0x01, /* recovery packet */
+ CT_SYNC_PKT_F_ACTACT = 0x02, /* packet part of act-act */
};
/* CT_SYNC_PKT_MASTER_ANNOUNCE payload */
@@ -113,6 +114,9 @@
__u8 flags; /* sync flags */
__u8 res1;
__u16 res2;
+#ifdef CONFIG_IP_NF_CT_SYNC_ACTACT
+ struct timespec timestamp;
+#endif
};
/* CT_SYNC_PKT_SYNC: message types */
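Review bot: Placing `struct timespec` directly in the message header makes the wire format depend on the build: its field widths follow the node's `long`, it is sent in host byte order, and it exists only when `CONFIG_IP_NF_CT_SYNC_ACTACT` is set. The expectation struct in the `@@ -184` hunk has the same problem. The other header fields are fixed-width `__u8`/`__u16`/`__u32` and the length and sequence fields are converted with `htons()`, so a fixed layout such as `__u32 ts_sec; __u32 ts_nsec;` filled with `htonl()` would keep mixed 32/64-bit or mixed-endian nodes parsing the same bytes. Both structs sit above the `#ifdef __KERNEL__` line, so userspace including this header will presumably see a different struct size than an act-act kernel. The struct begins outside the hunk.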
@@ -184,6 +188,9 @@
__u32 seq; /* sequence number */
union ip_conntrack_expect_proto proto; /* protocol specific info */
union ip_conntrack_expect_help help; /* expectation helper specific info */
+#ifdef CONFIG_IP_NF_CT_SYNC_ACTACT
+ struct timespec timestamp;
+#endif
};
#ifdef __KERNEL__
@@ -204,9 +211,11 @@
unsigned long upd_newbutexist; /* rx only: new but already exists */
unsigned long upd_nothere; /* rx only: not new but not here */
+ unsigned long upd_outdated; /* rx only: outdated, thus ignored */
unsigned long del_tot; /* total deletes */
unsigned long del_nothere; /* rx only: delete but not here */
+ unsigned long del_outdated; /* rx only: outdated, thus ignored */
unsigned long exp_upd_tot; /* total expect updates */
unsigned long exp_del_tot; /* total delete updates */
Modified: branches/netfilter-ha/linux-2.6-actact/ct_sync/ct_sync_main.c
===================================================================
--- branches/netfilter-ha/linux-2.6-actact/ct_sync/ct_sync_main.c 2005-09-24 22:20:21 UTC (rev 4304)
+++ branches/netfilter-ha/linux-2.6-actact/ct_sync/ct_sync_main.c 2005-09-25 15:26:59 UTC (rev 4305)
@@ -160,6 +160,9 @@
hdr->type = event;
hdr->resource = CT_SYNC_RES_EXPECT;
hdr->len = __constant_htons(sizeof(*sexp));
+#ifdef CONFIG_IP_NF_CT_SYNC_ACTACT
+ memcpy(&hdr->timestamp, &expect->timestamp, sizeof(hdr->timestamp));
+#endif
/* copy data from expectation */
memcpy(&sexp->tuple, &expect->tuple, sizeof(sexp->tuple));
@@ -202,6 +205,9 @@
hdr->resource = CT_SYNC_RES_CONNTRACK;
hdr->len = __constant_htons(sizeof(*sct));
hdr->flags = flags;
+#ifdef CONFIG_IP_NF_CT_SYNC_ACTACT
+ memcpy(&hdr->timestamp, &ct->timestamp, sizeof(hdr->timestamp));
+#endif
//CT_SYNC_DUMP_TUPLE(&ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple);
//CT_SYNC_DUMP_TUPLE(&ct->tuplehash[IP_CT_DIR_REPLY].tuple);
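Review bot: The sender copies `ct->timestamp` here (and again in the delete path at `@@ -1252`), but the receive-side checks added in this commit compare against `ct->last_update`. Neither field is declared in the files this revision touches, so unless `struct ip_conntrack` carries both, one side will not build with `CONFIG_IP_NF_CT_SYNC_ACTACT`. If both exist, a comment such as `/* timestamp: time of last local state change, sent to peers */` would say which is which. Nothing visible in this commit stores an accepted message's timestamp into the local entry, which the TODO lists as a step. The enclosing function starts and ends outside the hunk.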
@@ -579,6 +585,19 @@
* MESSAGE PROCESSING FUNCTIONS
***********************************************************************/
+static inline int timespec_after(struct timespec *current,
+ struct timespec *after)
+{
+ if (after->tv_sec > current->tv_sec)
+ return 1;
+
+ if (after->tv_sec == current->tv_sec
+ && after->tv_nsec > current->tv_nsec)
+ return 1;
+
+ return 0;
+}
+
/* process messages */
static int
ct_sync_msg_process_update_ct(struct ct_sync_msghdr *msghdr,
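Review bot: The first parameter of `timespec_after()` is named `current`, which in kernel code is normally a macro for the running task, so the declaration and the `current->tv_sec` reads are unlikely to compile to what is written. Renaming it and making both pointers const avoids that: `static inline int timespec_after(const struct timespec *cur, const struct timespec *after)`. A one-line comment such as `/* return 1 if 'after' is strictly later than 'cur' */` would also record that equal timestamps count as not-after. The helper is complete within the hunk; the function declared after it continues outside.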
@@ -604,6 +623,16 @@
h = ip_conntrack_find_get(&sct->orig, NULL);
if (h) {
ct = h->ctrack;
+
+#ifdef CONFIG_IP_NF_CT_SYNC_ACTACT
+ if (!timespec_after(&ct->last_update, msghdr->timestamp)) {
+ CTS_STAT_INC(rx.upd_outdated);
+ CT_SYNC_DEBUG("Update older than current state for ");
+ CT_SYNC_DUMP_TUPLE(&sct->orig);
+ CT_SYNC_LEAVE();
+ return -1;
+ }
+#endif
} else {
CT_SYNC_DEBUG("Conntrack entry not found, creating.\n");
ct = ip_conntrack_alloc(&dummy_tuple, &dummy_tuple);
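Review bot: The early `return -1` in the outdated branch leaves the reference taken by `ip_conntrack_find_get()` held; add `ip_conntrack_put(ct);` before `CT_SYNC_LEAVE();`. The matching branch in the delete handler (`@@ -655`) has the same leak, while its normal path does call `ip_conntrack_put(ct)`. Both calls also pass `msghdr->timestamp` by value where `timespec_after()` takes a pointer; it should read `timespec_after(&ct->last_update, &msghdr->timestamp)`. The comparison takes the peer's timestamp at face value, so the nodes need synchronised clocks and the received value deserves a sanity bound before it decides which state wins. The function body runs beyond the hunk.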
@@ -655,10 +684,24 @@
h = ip_conntrack_find_get(t, NULL);
if (h) {
- _ct_sync_remove_conntrack(h->ctrack);
+ struct ip_conntrack *ct = h->ctrack;
+
+#ifdef CONFIG_IP_NF_CT_SYNC_ACTACT
+ if (!timespec_after(&ct->last_update, msghdr->timestamp)) {
+ CTS_STAT_INC(rx.del_outdated);
+ CT_SYNC_DEBUG("Update older than current state for ");
+ CT_SYNC_DUMP_TUPLE(&sct->orig);
+ CT_SYNC_LEAVE();
+ return -1;
+ }
+#endif
+
CT_SYNC_DEBUG("Deleting conntrack: ");
CT_SYNC_DUMP_TUPLE(t);
- ip_conntrack_put(h->ctrack);
+
+ _ct_sync_remove_conntrack(ct);
+
+ ip_conntrack_put(ct);
} else {
CTS_STAT_INC(rx.del_nothere);
CT_SYNC_DEBUG("Cannot delete nonexistent conntrack:");
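Review bot: The rejection branch dumps `sct->orig`, but this handler works on the tuple `t` (see `ip_conntrack_find_get(t, NULL)` and `CT_SYNC_DUMP_TUPLE(t)` further down), so `sct` looks like a leftover from the update handler and is probably not declared here. The debug text also says "Update" for a delete. Suggested lines: `CT_SYNC_DEBUG("Delete older than current state for ");` and `CT_SYNC_DUMP_TUPLE(t);`. The handler starts and ends outside the hunk.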
@@ -1252,7 +1295,10 @@
hdr->type = CT_SYNC_MSG_DELETE;
hdr->resource = CT_SYNC_RES_CONNTRACK;
hdr->len = __constant_htons(sizeof(*t));
-
+#ifdef CONFIG_IP_NF_CT_SYNC_ACTACT
+ memcpy(&hdr->timestamp, &ct->timestamp,
+ sizeof(hdr->timestamp));
+#endif
memcpy(t, &ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple,
sizeof(*t));
Modified: branches/netfilter-ha/linux-2.6-actact/ct_sync/ct_sync_proto.c
===================================================================
--- branches/netfilter-ha/linux-2.6-actact/ct_sync/ct_sync_proto.c 2005-09-24 22:20:21 UTC (rev 4304)
+++ branches/netfilter-ha/linux-2.6-actact/ct_sync/ct_sync_proto.c 2005-09-25 15:26:59 UTC (rev 4305)
@@ -155,7 +155,7 @@
csb_hdr_fill(struct cts_protoh *cph, struct ct_sync_pkthdr *hdr,
__u8 type, __u16 seq)
{
- hdr->version = 2;
+ hdr->version = 3;
hdr->pkttype = type;
hdr->pktseq = htons(seq);
hdr->count = 0;
@@ -1049,7 +1049,7 @@
CT_SYNC_DEBUG("filled csb: %p: ", csb);
DUMP_CTS_BUFF(csb);
- if (unlikely(csb->pkt.hdr.version != 2)) {
+ if (unlikely(csb->pkt.hdr.version != 3)) {
CT_SYNC_ERR("invalid protocol version %u\n",
csb->pkt.hdr.version);
goto done_ignore;
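Review bot: The version check accepts any peer announcing 3, but the message header grows by `sizeof(struct timespec)` only on builds with `CONFIG_IP_NF_CT_SYNC_ACTACT`, so a node built without it will misparse packets from one built with it while both pass this test. `CT_SYNC_PKT_F_ACTACT` is added in ct_sync.h but not checked in any visible hunk; dropping packets whose flag does not match the local build, or using a distinct version number for the act-act layout, would close that gap. The literal `3` now appears here and in `csb_hdr_fill()`; a shared `#define CT_SYNC_VERSION 3` would keep the two in step. The function starts and ends outside the hunk.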
@@ -1308,6 +1308,8 @@
&& atomic_read(&cph->state) == CT_SYNC_PSTATE_SLAVE_INIT))
set_state(cph, CT_SYNC_PSTATE_SLAVE_SYNRECV);
+ /* upon receiving a message with the INITSYNC_DONE flag set, we
+ * transition from SLAVE_SYNRECV to SLAVE_RUNNING */
if (unlikely(msghdr->type == CT_SYNC_MSG_UPDATE
&& msghdr->flags & CTS_UPD_F_INITSYNC_DONE
&& atomic_read(&cph->state) == CT_SYNC_PSTATE_SLAVE_SYNRECV))
Modified: branches/netfilter-ha/linux-2.6-actact/patches/ct_sync_config_and_makefile.patch
===================================================================
--- branches/netfilter-ha/linux-2.6-actact/patches/ct_sync_config_and_makefile.patch 2005-09-24 22:20:21 UTC (rev 4304)
+++ branches/netfilter-ha/linux-2.6-actact/patches/ct_sync_config_and_makefile.patch 2005-09-25 15:26:59 UTC (rev 4305)
@@ -22,7 +22,7 @@
===================================================================
--- linux-2.6.9.orig/net/ipv4/netfilter/Kconfig 2004-12-10 00:10:57.000000000 +0100
+++ linux-2.6.9/net/ipv4/netfilter/Kconfig 2004-12-15 22:03:22.000000000 +0100
-@@ -718,5 +718,22 @@
+@@ -718,5 +718,28 @@
IF unsure, say `N'.
@@ -36,6 +36,10 @@
+
+ If unsure, say `N'.
+
++config IP_NF_CT_SYNC_ACTACT
++ bool "Active-Active Support"
++ depends on IP_NF_CT_SYNC && !IP_NF_NAT
++
+config IP_NF_CONNTRACK_SYNC_MARKED
+ depends on IP_NF_CT_SYNC && IP_NF_CONNTRACK_MARK
+ help
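Review bot: The new `IP_NF_CT_SYNC_ACTACT` entry has no `help` text, so nothing tells the user that it changes the sync message layout or why it excludes `IP_NF_NAT`. A short help block stating that every cluster node must be built with the same setting and needs synchronised clocks would do, ending in the usual "If unsure, say `N'." line. Also worth checking: the inner hunk header in the `@@ -22` hunk grows from 22 to 28 lines while only four lines are added here, so the inner patch may not apply cleanly unless the old count was already off.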