[netfilter-cvslog] r6858 - in trunk/conntrack-tools: . examples/sync/nack/node1 examples/sync/nack/node2 examples/sync/persistent/node1 examples/sync/persistent/node2 include src

pablo at netfilter.org pablo at netfilter.org
Mon Jun 4 17:19:42 CEST 2007


Author: pablo at netfilter.org
Date: 2007-06-04 17:19:42 +0200 (Mon, 04 Jun 2007)
New Revision: 6858

Modified:
   trunk/conntrack-tools/ChangeLog
   trunk/conntrack-tools/configure.in
   trunk/conntrack-tools/examples/sync/nack/node1/conntrackd.conf
   trunk/conntrack-tools/examples/sync/nack/node2/conntrackd.conf
   trunk/conntrack-tools/examples/sync/persistent/node1/conntrackd.conf
   trunk/conntrack-tools/examples/sync/persistent/node2/conntrackd.conf
   trunk/conntrack-tools/include/conntrackd.h
   trunk/conntrack-tools/include/mcast.h
   trunk/conntrack-tools/include/network.h
   trunk/conntrack-tools/include/sync.h
   trunk/conntrack-tools/src/cache_iterators.c
   trunk/conntrack-tools/src/netlink.c
   trunk/conntrack-tools/src/network.c
   trunk/conntrack-tools/src/read_config_yy.y
   trunk/conntrack-tools/src/stats-mode.c
   trunk/conntrack-tools/src/sync-mode.c
   trunk/conntrack-tools/src/sync-nack.c
   trunk/conntrack-tools/src/sync-notrack.c
Log:
o remove useless backlog parameter in multicast sockets
o remove remnants of delay destroy message and relax transitions
o remove confusing StripNAT parameter: NAT support enabled by default
o relax event tracking: *_update callbacks use cache_update_force
o use wraparound-aware functions after/before/between
o lots of cleanups


Modified: trunk/conntrack-tools/ChangeLog
===================================================================
--- trunk/conntrack-tools/ChangeLog	2007-06-04 13:57:36 UTC (rev 6857)
+++ trunk/conntrack-tools/ChangeLog	2007-06-04 15:19:42 UTC (rev 6858)
@@ -5,6 +5,12 @@
 o simplify checksum code: use UDP/multicast checksum facilities
 o fix silly bug in build_network_message: out of bound memset
 o fix error message in configure.in (Eric Leblond)
+o remove useless backlog parameter in multicast sockets
+o remove reminiscents of delay destroy message and relax transitions
+o remove confusing StripNAT parameter: NAT support enabled by default
+o relax event tracking: *_update callbacks use cache_update_force
+o use wraparound-aware functions after/before/between
+o lots of cleanups
 
 = conntrack =
 o fix segfault with conntrack --output (Krzysztof Oledzky)

Modified: trunk/conntrack-tools/configure.in
===================================================================
--- trunk/conntrack-tools/configure.in	2007-06-04 13:57:36 UTC (rev 6857)
+++ trunk/conntrack-tools/configure.in	2007-06-04 15:19:42 UTC (rev 6858)
@@ -1,4 +1,4 @@
-AC_INIT(conntrack-tools, 0.9.3, pablo at netfilter.org)
+AC_INIT(conntrack-tools, 0.9.4, pablo at netfilter.org)
 
 AC_CANONICAL_SYSTEM
 

Modified: trunk/conntrack-tools/examples/sync/nack/node1/conntrackd.conf
===================================================================
--- trunk/conntrack-tools/examples/sync/nack/node1/conntrackd.conf	2007-06-04 13:57:36 UTC (rev 6857)
+++ trunk/conntrack-tools/examples/sync/nack/node1/conntrackd.conf	2007-06-04 15:19:42 UTC (rev 6858)
@@ -33,7 +33,6 @@
 		IPv4_address 225.0.0.50
 		IPv4_interface 192.168.100.100 # IP of dedicated link
 		Group 3780
-		Backlog 20
 	}
 
 	# Enable/Disable message checksumming
@@ -118,8 +117,3 @@
 	VRRP
 	# numeric numbers also valid
 }
-
-#
-# Strip NAT traffic
-#
-StripNAT

Modified: trunk/conntrack-tools/examples/sync/nack/node2/conntrackd.conf
===================================================================
--- trunk/conntrack-tools/examples/sync/nack/node2/conntrackd.conf	2007-06-04 13:57:36 UTC (rev 6857)
+++ trunk/conntrack-tools/examples/sync/nack/node2/conntrackd.conf	2007-06-04 15:19:42 UTC (rev 6858)
@@ -32,7 +32,6 @@
 		IPv4_address 225.0.0.50
 		IPv4_interface 192.168.100.200 # IP of dedicated link
 		Group 3780
-		Backlog 20
 	}
 
 	# Enable/Disable message checksumming
@@ -117,8 +116,3 @@
 	VRRP
 	# numeric numbers also valid
 }
-
-#
-# Strip NAT traffic
-#
-StripNAT

Modified: trunk/conntrack-tools/examples/sync/persistent/node1/conntrackd.conf
===================================================================
--- trunk/conntrack-tools/examples/sync/persistent/node1/conntrackd.conf	2007-06-04 13:57:36 UTC (rev 6857)
+++ trunk/conntrack-tools/examples/sync/persistent/node1/conntrackd.conf	2007-06-04 15:19:42 UTC (rev 6858)
@@ -38,7 +38,6 @@
 		IPv4_address 225.0.0.50
 		IPv4_interface 192.168.100.100 # IP of dedicated link
 		Group 3780
-		Backlog 20
 	}
 
 	# Enable/Disable message checksumming
@@ -123,8 +122,3 @@
 	VRRP
 	# numeric numbers also valid
 }
-
-#
-# Strip NAT traffic
-#
-StripNAT

Modified: trunk/conntrack-tools/examples/sync/persistent/node2/conntrackd.conf
===================================================================
--- trunk/conntrack-tools/examples/sync/persistent/node2/conntrackd.conf	2007-06-04 13:57:36 UTC (rev 6857)
+++ trunk/conntrack-tools/examples/sync/persistent/node2/conntrackd.conf	2007-06-04 15:19:42 UTC (rev 6858)
@@ -38,7 +38,6 @@
 		IPv4_address 225.0.0.50
 		IPv4_interface 192.168.100.200 # IP of dedicated link
 		Group 3780
-		Backlog 20
 	}
 
 	# Enable/Disable message checksumming
@@ -123,8 +122,3 @@
 	VRRP
 	# numeric numbers also valid
 }
-
-#
-# Strip NAT traffic
-#
-StripNAT

Modified: trunk/conntrack-tools/include/conntrackd.h
===================================================================
--- trunk/conntrack-tools/include/conntrackd.h	2007-06-04 13:57:36 UTC (rev 6857)
+++ trunk/conntrack-tools/include/conntrackd.h	2007-06-04 15:19:42 UTC (rev 6858)
@@ -30,22 +30,13 @@
 #define DEFAULT_LOCKFILE	"/var/lock/conntrackd.lock"
 
 enum {
-	STRIP_NAT_BIT = 0,
-	STRIP_NAT = (1 << STRIP_NAT_BIT),
-
-	DELAY_DESTROY_MSG_BIT = 1,
-	DELAY_DESTROY_MSG = (1 << DELAY_DESTROY_MSG_BIT),
-
-	RELAX_TRANSITIONS_BIT = 2,
-	RELAX_TRANSITIONS = (1 << RELAX_TRANSITIONS_BIT),
-
-	SYNC_MODE_PERSISTENT_BIT = 3,
+	SYNC_MODE_PERSISTENT_BIT = 0,
 	SYNC_MODE_PERSISTENT = (1 << SYNC_MODE_PERSISTENT_BIT),
 
-	SYNC_MODE_NACK_BIT = 4,
+	SYNC_MODE_NACK_BIT = 1,
 	SYNC_MODE_NACK = (1 << SYNC_MODE_NACK_BIT),
 
-	DONT_CHECKSUM_BIT = 5,
+	DONT_CHECKSUM_BIT = 2,
 	DONT_CHECKSUM = (1 << DONT_CHECKSUM_BIT),
 };
 
@@ -122,7 +113,7 @@
 	struct mcast_sock *mcast_server;  /* multicast socket: incoming */
 	struct mcast_sock *mcast_client;  /* multicast socket: outgoing  */
 
-	struct sync_mode *mcast_sync;
+	struct sync_mode *sync;		/* sync mode */
 	struct buffer *buffer;
 
 	u_int32_t last_seq_sent;	/* last sequence number sent */

Modified: trunk/conntrack-tools/include/mcast.h
===================================================================
--- trunk/conntrack-tools/include/mcast.h	2007-06-04 13:57:36 UTC (rev 6857)
+++ trunk/conntrack-tools/include/mcast.h	2007-06-04 15:19:42 UTC (rev 6858)
@@ -5,7 +5,6 @@
 
 struct mcast_conf {
 	int ipproto;
-	int backlog;
 	int reuseaddr;
 	int checksum;
 	unsigned short port;

Modified: trunk/conntrack-tools/include/network.h
===================================================================
--- trunk/conntrack-tools/include/network.h	2007-06-04 13:57:36 UTC (rev 6857)
+++ trunk/conntrack-tools/include/network.h	2007-06-04 15:19:42 UTC (rev 6858)
@@ -30,4 +30,23 @@
 	NET_ACK = (1 << NET_ACK_BIT),
 };
 
+/* extracted from net/tcp.h */
+
+/*
+ * The next routines deal with comparing 32 bit unsigned ints
+ * and worry about wraparound (automatic with unsigned arithmetic).
+ */
+
+static inline int before(__u32 seq1, __u32 seq2)
+{
+	return (__s32)(seq1-seq2) < 0;
+}
+#define after(seq2, seq1)       before(seq1, seq2)
+
+/* is s2<=s1<=s3 ? */
+static inline int between(__u32 seq1, __u32 seq2, __u32 seq3)
+{
+	return seq3 - seq2 >= seq1 - seq2;
+}
+
 #endif
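Review bot: The comment on between() (`/* is s2<=s1<=s3 ? */`) uses names that do not match the parameters and does not say the comparison is modulo 2^32, so a reader cannot tell that a lower bound numerically above the upper bound is treated as a wrapped window rather than an empty range. I would write `/* is seq2 <= seq1 <= seq3, modulo 2^32? seq2 > seq3 means the window wraps */`. The helpers also use `__u32`/`__s32` and the hunk adds no include for them, so the header presumably relies on its includers pulling in `<linux/types.h>` first; including it here would make the header self-contained.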

Modified: trunk/conntrack-tools/include/sync.h
===================================================================
--- trunk/conntrack-tools/include/sync.h	2007-06-04 13:57:36 UTC (rev 6857)
+++ trunk/conntrack-tools/include/sync.h	2007-06-04 15:19:42 UTC (rev 6858)
@@ -13,10 +13,10 @@
 	int  (*init)(void);
 	void (*kill)(void);
 	int  (*local)(int fd, int type, void *data);
-	int  (*pre_recv)(const struct nlnetwork *net);
-	void (*post_send)(int type,
-			  const struct nlnetwork *net,
-			  struct us_conntrack *u);
+	int  (*recv)(const struct nlnetwork *net); /* recv callback */
+	void (*send)(int type,			   /* send callback */
+		     const struct nlnetwork *net,
+		     struct us_conntrack *u);
 };
 
 extern struct sync_mode notrack;
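Review bot: The new comments on `recv` and `send` do not say which callbacks may be NULL, and the call sites in this commit treat them differently: `send` is NULL-checked before every call and the notrack mode no longer sets it, while mcast_handler() in sync-mode.c calls `recv` unconditionally. I would document that on the members, e.g. `/* mandatory: called for every received message */` on `recv` and `/* optional, may be NULL */` on `send`. The struct definition starts above the hunk.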

Modified: trunk/conntrack-tools/src/cache_iterators.c
===================================================================
--- trunk/conntrack-tools/src/cache_iterators.c	2007-06-04 13:57:36 UTC (rev 6857)
+++ trunk/conntrack-tools/src/cache_iterators.c	2007-06-04 15:19:42 UTC (rev 6858)
@@ -219,7 +219,8 @@
 		debug_ct(u->ct, "failed to build");
 
 	mcast_send_netmsg(STATE_SYNC(mcast_client), net);
-	STATE_SYNC(mcast_sync)->post_send(NFCT_T_UPDATE, net, u);
+	if (STATE_SYNC(sync)->send)
+		STATE_SYNC(sync)->send(NFCT_T_UPDATE, net, u);
 
 	/* keep iterating even if we have found errors */
 	return 0;
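Review bot: The failure path at the top of the hunk only logs `failed to build` and then falls through to `mcast_send_netmsg()`, so `net` is still sent, and now also handed to the `send` callback, when building it failed. The condition guarding that `debug_ct` is above the hunk, so this is inferred from the indentation; if it is an unbraced `if`, adding `return 0;` there (which still keeps the iteration going) would avoid putting a partially built buffer on the wire. The function body starts outside the hunk.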

Modified: trunk/conntrack-tools/src/netlink.c
===================================================================
--- trunk/conntrack-tools/src/netlink.c	2007-06-04 13:57:36 UTC (rev 6857)
+++ trunk/conntrack-tools/src/netlink.c	2007-06-04 15:19:42 UTC (rev 6858)
@@ -32,15 +32,13 @@
 		return 1;
 
 	/* Accept DNAT'ed traffic: not really coming to the local machine */
-	if ((CONFIG(flags) & STRIP_NAT) && 
-	    nfct_getobjopt(ct, NFCT_GOPT_IS_DNAT)) {
+	if (nfct_getobjopt(ct, NFCT_GOPT_IS_DNAT)) {
 		debug_ct(ct, "DNAT");
 		return 0;
 	}
 
         /* Accept SNAT'ed traffic: not really coming to the local machine */
-	if ((CONFIG(flags) & STRIP_NAT) && 
-	    nfct_getobjopt(ct, NFCT_GOPT_IS_SNAT)) {
+	if (nfct_getobjopt(ct, NFCT_GOPT_IS_SNAT)) {
 		debug_ct(ct, "SNAT");
 		return 0;
 	}
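Review bot: With the `STRIP_NAT` test gone, DNAT'ed and SNAT'ed flows return 0 here for every configuration, including existing setups that never set StripNAT and previously fell through to whatever follows these two checks. That default change is silent for them, because the notice added in read_config_yy.y only fires when StripNAT is present; I would state it in the comment, e.g. `/* NAT'ed flows are always accepted, before the remaining checks */`. The second comment line is also indented with spaces where the rest of the block uses tabs. The enclosing function starts and ends outside the hunk.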

Modified: trunk/conntrack-tools/src/network.c
===================================================================
--- trunk/conntrack-tools/src/network.c	2007-06-04 13:57:36 UTC (rev 6857)
+++ trunk/conntrack-tools/src/network.c	2007-06-04 15:19:42 UTC (rev 6858)
@@ -205,33 +205,16 @@
 		goto out;
 
 	/* out of sequence: some messages got lost */
-	if (seq > STATE_SYNC(last_seq_recv)+1) {
+	if (after(seq, STATE_SYNC(last_seq_recv)+1)) {
 		STATE_SYNC(packets_lost) += seq-STATE_SYNC(last_seq_recv)+1;
 		ret = 0;
 		goto out;
 	}
 
-	/* out of sequence: replayed or sequence wrapped around issues */
-	if (seq < STATE_SYNC(last_seq_recv)+1) {
-		/* 
-		 * Check if the sequence has wrapped around.
-		 * Perhaps it can be a replayed packet.
-		 */
-		if (STATE_SYNC(last_seq_recv)+1-seq > ~0U/2) {
-			/* 
-			 * Indeed, it is a wrapped around
-			 */
-			STATE_SYNC(packets_lost) += 
-				~0U-STATE_SYNC(last_seq_recv)+1+seq;
-		} else {
-			/*
-			 * It is a delayed packet
-			 */
-			dlog(STATE(log), "delayed packet? exp=%u rcv=%u",
-					 STATE_SYNC(last_seq_recv)+1, seq);
-		}
-		ret = 0;
-	}
+	/* out of sequence: replayed/delayed packet? */
+	if (before(seq, STATE_SYNC(last_seq_recv)+1))
+		dlog(STATE(log), "delayed packet? exp=%u rcv=%u",
+				 STATE_SYNC(last_seq_recv)+1, seq);
 
 out:
 	*exp_seq = STATE_SYNC(last_seq_recv)+1;
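Review bot: The rewritten delayed/replayed branch no longer sets `ret = 0`, so a packet whose sequence number is before the expected one now leaves with whatever `ret` held on entry (its initialisation is above the hunk), where the removed code reported both out-of-sequence cases as 0. If accepting old sequence numbers is intended it deserves a comment; otherwise keep `ret = 0;` next to the `dlog()` call, inside braces. Separately, the loss counter in the `after()` branch adds `seq-STATE_SYNC(last_seq_recv)+1`, which is two more than the gap to the expected sequence; `seq - (STATE_SYNC(last_seq_recv)+1)` looks like what was meant. The function starts and ends outside the hunk.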

Modified: trunk/conntrack-tools/src/read_config_yy.y
===================================================================
--- trunk/conntrack-tools/src/read_config_yy.y	2007-06-04 13:57:36 UTC (rev 6857)
+++ trunk/conntrack-tools/src/read_config_yy.y	2007-06-04 15:19:42 UTC (rev 6858)
@@ -84,7 +84,8 @@
 
 strip_nat: T_STRIP_NAT
 {
-	conf.flags |= STRIP_NAT;
+	fprintf(stderr, "Notice: StripNAT clause is obsolete. "
+			"Please, remove it from conntrackd.conf\n");
 };
 
 refreshtime : T_REFRESH T_NUMBER
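Review bot: The four obsolete-option notices are worded inconsistently: the Backlog message in the second hunk ends in a full stop, while the StripNAT one here and the RelaxTransitions and DelayDestroyMessages ones in the third hunk do not. A shared format such as `"Notice: %s is obsolete. Please remove it from conntrackd.conf\n"` would keep them uniform. They are also written straight to stderr; whether stderr is still attached whenever the configuration is parsed is not visible here, and if it is not, the notice is lost.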
@@ -228,7 +229,8 @@
 
 multicast_option : T_BACKLOG T_NUMBER
 {
-	conf.mcast.backlog = $2;
+	fprintf(stderr, "Notice: Backlog option inside Multicast clause is "
+			"obsolete. Please, remove it from conntrackd.conf.\n");
 };
 
 multicast_option : T_GROUP T_NUMBER
@@ -354,12 +356,14 @@
 
 relax_transitions: T_RELAX_TRANSITIONS
 {
-	conf.flags |= RELAX_TRANSITIONS;
+	fprintf(stderr, "Notice: RelaxTransitions clause is obsolete. "
+			"Please, remove it from conntrackd.conf\n");
 };
 
 delay_destroy_msgs: T_DELAY
 {
-	conf.flags |= DELAY_DESTROY_MSG;
+	fprintf(stderr, "Notice: DelayDestroyMessages clause is obsolete. "
+			"Please, remove it from conntrackd.conf\n");
 };
 
 listen_to: T_LISTEN_TO T_IP

Modified: trunk/conntrack-tools/src/stats-mode.c
===================================================================
--- trunk/conntrack-tools/src/stats-mode.c	2007-06-04 13:57:36 UTC (rev 6857)
+++ trunk/conntrack-tools/src/stats-mode.c	2007-06-04 15:19:42 UTC (rev 6858)
@@ -139,7 +139,6 @@
 
 static void event_new_stats(struct nf_conntrack *ct, struct nlmsghdr *nlh)
 {
-	debug_ct(ct, "debug event");
 	if (cache_add(STATE_STATS(cache), ct)) {
 		debug_ct(ct, "cache new");
 	} else {
@@ -151,22 +150,9 @@
 
 static void event_update_stats(struct nf_conntrack *ct, struct nlmsghdr *nlh)
 {
-	debug_ct(ct, "update");
-
-	if (!cache_update(STATE_STATS(cache), ct)) {
-		/*
-		 * Perhaps we are losing events. If we are working 
-		 * in relax mode then add a new entry to the cache.
-		 *
-		 * FIXME: relax transitions not implemented yet
-		 */
-		if ((CONFIG(flags) & RELAX_TRANSITIONS)
-		    && cache_add(STATE_STATS(cache), ct)) {
-			debug_ct(ct, "forcing cache update");
-		} else {
-			debug_ct(ct, "can't update");
-			return;
-		}
+	if (!cache_update_force(STATE_STATS(cache), ct)) {
+		debug_ct(ct, "can't update");
+		return;
 	}
 	debug_ct(ct, "update");
 }

Modified: trunk/conntrack-tools/src/sync-mode.c
===================================================================
--- trunk/conntrack-tools/src/sync-mode.c	2007-06-04 13:57:36 UTC (rev 6857)
+++ trunk/conntrack-tools/src/sync-mode.c	2007-06-04 15:19:42 UTC (rev 6858)
@@ -32,26 +32,25 @@
 static void mcast_handler()
 {
 	int ret;
-	char buf[4096], tmp[256];
-	struct mcast_sock *m = STATE_SYNC(mcast_server);
-	unsigned int type;
-	struct nlnetwork *net = (struct nlnetwork *) buf;
-	unsigned int size = sizeof(struct nlnetwork);
-	struct nlmsghdr *nlh = (struct nlmsghdr *) (buf + size);
-	struct nf_conntrack *ct = (struct nf_conntrack *) tmp;
+	unsigned int type, size = sizeof(struct nlnetwork);
+	char __net[4096];
+	struct nlnetwork *net = (struct nlnetwork *) __net;
+	struct nlmsghdr *nlh = (struct nlmsghdr *) (__net + size);
+	char __ct[nfct_maxsize()];
+	struct nf_conntrack *ct = (struct nf_conntrack *) __ct;
 	struct us_conntrack *u = NULL;
 
-	memset(tmp, 0, sizeof(tmp));
-
-	ret = mcast_recv_netmsg(m, buf, sizeof(buf));
+	ret = mcast_recv_netmsg(STATE_SYNC(mcast_server), net, sizeof(__net));
 	if (ret <= 0) {
 		STATE(malformed)++;
 		return;
 	}
 
-	if (STATE_SYNC(mcast_sync)->pre_recv(net))
+	if (STATE_SYNC(sync)->recv(net))
 		return;
 
+	memset(ct, 0, sizeof(__ct));
+
 	if ((type = parse_network_msg(ct, nlh)) == NFCT_T_ERROR) {
 		STATE(malformed)++;
 		return;
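Review bot: `mcast_handler()` only rejects `ret <= 0`, so a datagram shorter than `struct nlnetwork` plus `struct nlmsghdr` still reaches `recv(net)` and `parse_network_msg(ct, nlh)`, which then read header fields from the uninitialised remainder of `__net`. Unless `mcast_recv_netmsg()` already enforces a minimum length (not visible here), add a check after the receive, e.g. `if ((unsigned int)ret < size + sizeof(struct nlmsghdr)) { STATE(malformed)++; return; }`. `recv` is also called without the NULL test that `send` gets elsewhere in this commit. The names `__net` and `__ct` use the double-underscore prefix reserved for the implementation, and `__ct` is a variable-length array. The function continues past the hunk.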
@@ -111,19 +110,19 @@
 	memset(state.sync, 0, sizeof(struct ct_sync_state));
 
 	if (CONFIG(flags) & SYNC_MODE_NACK)
-		STATE_SYNC(mcast_sync) = &nack;
+		STATE_SYNC(sync) = &nack;
 	else
 		/* default to persistent mode */
-		STATE_SYNC(mcast_sync) = &notrack;
+		STATE_SYNC(sync) = &notrack;
 
-	if (STATE_SYNC(mcast_sync)->init)
-		STATE_SYNC(mcast_sync)->init();
+	if (STATE_SYNC(sync)->init)
+		STATE_SYNC(sync)->init();
 
 	STATE_SYNC(internal) =
 		cache_create("internal", 
-			     STATE_SYNC(mcast_sync)->internal_cache_flags,
+			     STATE_SYNC(sync)->internal_cache_flags,
 			     CONFIG(family),
-			     STATE_SYNC(mcast_sync)->internal_cache_extra);
+			     STATE_SYNC(sync)->internal_cache_extra);
 
 	if (!STATE_SYNC(internal)) {
 		dlog(STATE(log), "[FAIL] can't allocate memory for "
@@ -133,7 +132,7 @@
 
 	STATE_SYNC(external) = 
 		cache_create("external",
-			     STATE_SYNC(mcast_sync)->external_cache_flags,
+			     STATE_SYNC(sync)->external_cache_flags,
 			     CONFIG(family),
 			     NULL);
 
@@ -192,8 +191,8 @@
 
 	destroy_alarm_thread();
 
-	if (STATE_SYNC(mcast_sync)->kill)
-		STATE_SYNC(mcast_sync)->kill();
+	if (STATE_SYNC(sync)->kill)
+		STATE_SYNC(sync)->kill();
 }
 
 static dump_stats_sync(int fd)
@@ -253,8 +252,8 @@
 		cache_bulk(STATE_SYNC(internal));
 		break;
 	default:
-		if (STATE_SYNC(mcast_sync)->local)
-			ret = STATE_SYNC(mcast_sync)->local(fd, type, data);
+		if (STATE_SYNC(sync)->local)
+			ret = STATE_SYNC(sync)->local(fd, type, data);
 		break;
 	}
 
@@ -280,17 +279,18 @@
 			    struct nf_conntrack *ct,
 			    int type)
 {
-	char buf[4096];
-	struct nlnetwork *net = (struct nlnetwork *) buf;
+	char __net[4096];
+	struct nlnetwork *net = (struct nlnetwork *) __net;
 
-	memset(buf, 0, sizeof(buf));
+	memset(__net, 0, sizeof(__net));
 
 	if (!state_helper_verdict(type, ct))
 		return;
 
-	memcpy(buf + sizeof(struct nlnetwork), nlh, nlh->nlmsg_len);
-	mcast_send_netmsg(STATE_SYNC(mcast_client), net); 
-	STATE_SYNC(mcast_sync)->post_send(type, net, u);
+	memcpy(__net + sizeof(struct nlnetwork), nlh, nlh->nlmsg_len);
+	mcast_send_netmsg(STATE_SYNC(mcast_client), net);
+	if (STATE_SYNC(sync)->send)
+		STATE_SYNC(sync)->send(type, net, u);
 }
 
 static int overrun_cb(enum nf_conntrack_msg_type type,
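Review bot: `memcpy(__net + sizeof(struct nlnetwork), nlh, nlh->nlmsg_len)` copies without checking that the message fits in the `4096 - sizeof(struct nlnetwork)` bytes left in `__net`. The overrun handlers later in this file now build their messages into `__nlh[4096]` buffers and presumably pass them here, so a source as large as the whole destination is at least permitted by the sizes. A guard before the copy, `if (nlh->nlmsg_len > sizeof(__net) - sizeof(struct nlnetwork)) return;`, closes that. The function signature begins above the hunk.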
@@ -313,18 +313,16 @@
 	if (!cache_test(STATE_SYNC(internal), ct)) {
 		if ((u = cache_update_force(STATE_SYNC(internal), ct))) {
 			int ret;
-			char buf[4096];
-			struct nlnetwork *net = (struct nlnetwork *) buf;
-			unsigned int size = sizeof(struct nlnetwork);
-			struct nlmsghdr *nlh = (struct nlmsghdr *) (buf + size);
+			char __nlh[4096];
+			struct nlmsghdr *nlh = (struct nlmsghdr *) __nlh;
 
 			debug_ct(u->ct, "overrun resync");
 
-			ret = build_network_msg(NFCT_Q_UPDATE,
-						STATE(subsys_dump),
-						u->ct,
-						buf,
-						sizeof(buf));
+			ret = nfct_build_query(STATE(subsys_dump),
+					       NFCT_Q_UPDATE,
+					       u->ct,
+					       __nlh,
+					       sizeof(__nlh));
 
 			if (ret == -1) {
 				dlog(STATE(log), "can't build overrun");
@@ -346,19 +344,17 @@
 
 	ret = nfct_query(h, NFCT_Q_GET, u->ct);
 	if (ret == -1 && errno == ENOENT) {
-		char buf[4096];
-		struct nlnetwork *net = (struct nlnetwork *) buf;
-		unsigned int size = sizeof(struct nlnetwork);
-		struct nlmsghdr *nlh = (struct nlmsghdr *) (buf + size);
+		char __nlh[4096];
+		struct nlmsghdr *nlh = (struct nlmsghdr *) (__nlh);
 
 		debug_ct(u->ct, "overrun purge resync");
+	
+		ret = nfct_build_query(STATE(subsys_dump),
+				       NFCT_Q_DESTROY,
+				       u->ct,
+				       __nlh,
+				       sizeof(__nlh));
 
-		ret = build_network_msg(NFCT_Q_DESTROY,
-					STATE(subsys_dump),
-					u->ct,
-					buf,
-					sizeof(buf));
-
 		if (ret == -1)
 			dlog(STATE(log), "failed to build network message");
 
@@ -411,18 +407,6 @@
 		debug_ct(u->ct, "internal new");
 	} else {
 		if (errno == EEXIST) {
-			char buf[4096];
-			unsigned int size = sizeof(struct nlnetwork);
-			struct nlmsghdr *nlh = (struct nlmsghdr *) (buf + size);
-
-			int ret = build_network_msg(NFCT_Q_DESTROY,
-						    STATE(subsys_event),
-						    ct,
-						    buf,
-						    sizeof(buf));
-			if (ret == -1)
-				return;
-
 			cache_del(STATE_SYNC(internal), ct);
 			mcast_send_sync(nlh, NULL, ct, NFCT_T_DESTROY);
 			goto retry;
@@ -440,7 +424,7 @@
 
 	nfct_attr_unset(ct, ATTR_TIMEOUT);
 
-	if ((u = cache_update(STATE_SYNC(internal), ct)) == NULL) {
+	if ((u = cache_update_force(STATE_SYNC(internal), ct)) == NULL) {
 		debug_ct(ct, "can't update");
 		return;
 	}

Modified: trunk/conntrack-tools/src/sync-nack.c
===================================================================
--- trunk/conntrack-tools/src/sync-nack.c	2007-06-04 13:57:36 UTC (rev 6857)
+++ trunk/conntrack-tools/src/sync-nack.c	2007-06-04 15:19:42 UTC (rev 6858)
@@ -136,7 +136,7 @@
 
 	unsigned old_seq = ntohl(net->seq);
 
-	if (ntohl(net->seq) >= nack->from && ntohl(net->seq) <= nack->to) {
+	if (between(ntohl(net->seq), nack->from, nack->to)) {
 		if (mcast_resend_netmsg(STATE_SYNC(mcast_client), net))
 			dp("resend destroy (old seq=%u) (seq=%u)\n", 
 			   old_seq, ntohl(net->seq));
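Review bot: `between()` is modular, so unlike the `>=`/`<=` test it replaces it does not yield an empty match when `from` is numerically greater than `to`; it treats the pair as a window that wraps, which can cover almost the whole sequence space. If `nack->from`/`nack->to` (and `h->from`/`h->to` and `from`/`to` in the three later hunks that make the same replacement) come from a peer's message, which the names suggest but the hunks do not show, the span should be bounded first, e.g. ignore the request when `to - from` exceeds the resend window. It is also worth confirming these fields are already in host byte order, since only `net->seq` goes through `ntohl()` here. The enclosing function starts outside the hunk.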
@@ -149,7 +149,7 @@
 	struct nlnetwork *net = data1;
 	struct nlnetwork_ack *h = data2;
 
-	if (ntohl(net->seq) >= h->from && ntohl(net->seq) <= h->to) {
+	if (between(ntohl(net->seq), h->from, h->to)) {
 		dp("remove from buffer (seq=%u)\n", ntohl(net->seq));
 		__buffer_del(STATE_SYNC(buffer), data1);
 	}
@@ -169,7 +169,7 @@
 		
 		u = cache_get_conntrack(STATE_SYNC(internal), cn);
 
-		if (cn->seq >= from && cn->seq <= to) {
+		if (between(cn->seq, from, to)) {
 			debug_ct(u->ct, "resend nack");
 			dp("resending nack'ed (oldseq=%u) ", cn->seq);
 
@@ -186,10 +186,9 @@
 				break;
 			}
 
-			mcast_send_netmsg(STATE_SYNC(mcast_client), buf); 
-			STATE_SYNC(mcast_sync)->post_send(NFCT_T_UPDATE,
-							  net, 
-							  u);
+			mcast_send_netmsg(STATE_SYNC(mcast_client), buf);
+			if (STATE_SYNC(sync)->send)
+				STATE_SYNC(sync)->send(NFCT_T_UPDATE, net, u);
 			dp("(newseq=%u)\n", *seq);
 		} 
 	}
@@ -208,7 +207,7 @@
 		struct cache_nack *cn = (struct cache_nack *) n;
 
 		u = cache_get_conntrack(STATE_SYNC(internal), cn);
-		if (cn->seq >= from && cn->seq <= to) {
+		if (between(cn->seq, from, to)) {
 			dp("remove %u\n", cn->seq);
 			debug_ct(u->ct, "ack received: empty queue");
 			dp("queue: deleting from queue (seq=%u)\n", cn->seq);
@@ -219,7 +218,7 @@
 	unlock();
 }
 
-static int nack_pre_recv(const struct nlnetwork *net)
+static int nack_recv(const struct nlnetwork *net)
 {
 	static unsigned int window = 0;
 	unsigned int exp_seq;
@@ -262,9 +261,9 @@
 	return 0;
 }
 
-static void nack_post_send(int type, 
-			   const struct nlnetwork *net, 
-			   struct us_conntrack *u)
+static void nack_send(int type, 
+		      const struct nlnetwork *net,
+		      struct us_conntrack *u)
 {
 	unsigned int size = sizeof(struct nlnetwork); 
  	struct nlmsghdr *nlh = (struct nlmsghdr *) ((void *) net + size);
@@ -301,6 +300,6 @@
 	.init			= nack_init,
 	.kill			= nack_kill,
 	.local			= nack_local,
-	.pre_recv		= nack_pre_recv,
-	.post_send		= nack_post_send,
+	.recv			= nack_recv,
+	.send			= nack_send,
 };

Modified: trunk/conntrack-tools/src/sync-notrack.c
===================================================================
--- trunk/conntrack-tools/src/sync-notrack.c	2007-06-04 13:57:36 UTC (rev 6857)
+++ trunk/conntrack-tools/src/sync-notrack.c	2007-06-04 15:19:42 UTC (rev 6858)
@@ -25,33 +25,18 @@
 static void refresher(struct alarm_list *a, void *data)
 {
 	struct us_conntrack *u = data;
-	char buf[8192];
+	char __net[4096];
 	int size;
 
-	if (nfct_get_attr_u32(u->ct, ATTR_STATUS) & IPS_DYING) {
-		
-		debug_ct(u->ct, "persistence destroy");
+	debug_ct(u->ct, "persistence update");
 
-		size = build_network_msg(NFCT_Q_DESTROY,
-					 STATE(subsys_event),
-					 u->ct,
-					 buf,
-					 sizeof(buf));
-
-		__cache_del(u->cache, u->ct);
-		mcast_send_netmsg(STATE_SYNC(mcast_client), buf);
-	} else {
-		
-		debug_ct(u->ct, "persistence update");
-
-		a->expires = random() % CONFIG(refresh) + 1;
-		size = build_network_msg(NFCT_Q_UPDATE,
-					 STATE(subsys_event),
-					 u->ct,
-					 buf, 
-					 sizeof(buf));
-		mcast_send_netmsg(STATE_SYNC(mcast_client), buf);
-	}
+	a->expires = random() % CONFIG(refresh) + 1;
+	size = build_network_msg(NFCT_Q_UPDATE,
+				 STATE(subsys_event),
+				 u->ct,
+				 __net, 
+				 sizeof(__net));
+	mcast_send_netmsg(STATE_SYNC(mcast_client), __net);
 }
 
 static void cache_notrack_add(struct us_conntrack *u, void *data)
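Review bot: `refresher()` stores the result of `build_network_msg()` in `size` and never looks at it, so `__net`, which is not zeroed, is passed to `mcast_send_netmsg()` even when the build fails. Code removed elsewhere in this commit treated -1 as the failure value, so `if (size == -1) return;` before the send would do. The buffer also shrinks from 8192 to 4096 bytes here, which is fine only if `build_network_msg()` honours the length it is given. `random() % CONFIG(refresh)` divides by zero if the configured refresh time is 0; whether the parser rejects that value is not visible.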
@@ -84,7 +69,7 @@
 	.destroy	= cache_notrack_destroy
 };
 
-static int notrack_pre_recv(const struct nlnetwork *net)
+static int notrack_recv(const struct nlnetwork *net)
 {
 	unsigned int exp_seq;
 
@@ -114,16 +99,9 @@
 	return 0;
 }
 
-static void notrack_post_send(int type,
-			      const struct nlnetwork *n, 
-			      struct us_conntrack *u)
-{
-}
-
 struct sync_mode notrack = {
 	.internal_cache_flags	= LIFETIME,
 	.external_cache_flags	= TIMER | LIFETIME,
 	.internal_cache_extra	= &cache_notrack_extra,
-	.pre_recv 		= notrack_pre_recv,
-	.post_send		= notrack_post_send,
+	.recv 			= notrack_recv,
 };



