[conntrack-tools] network: rework TLV-based protocol

Pablo Neira netfilter-cvslog-bounces at lists.netfilter.org
Sun Nov 2 21:38:51 CET 2008


Gitweb:		http://git.netfilter.org/cgi-bin/gitweb.cgi?p=conntrack-tools.git;a=commit;h=76ac8ebe5e49385585c8e29fe530ed4baef390bf
commit 76ac8ebe5e49385585c8e29fe530ed4baef390bf
Author:     Pablo Neira Ayuso <pablo at netfilter.org>
AuthorDate: Sun Nov 2 21:35:42 2008 +0100
Commit:     Pablo Neira Ayuso <pablo at netfilter.org>
CommitDate: Sun Nov 2 21:35:42 2008 +0100

    network: rework TLV-based protocol
    
    This patch reworks the TLV-based protocol to reduce the overhead
    in the message building. The idea is to group the attributes
    that must all be present in a consistent configuration. Putting them
    together helps us save some cycles in the message building.
    
    Now, oprofile reports ~15% of samples in the build path instead
    of ~25%. CPU consumption for 3000 HTTP GET requests per second
    (1000 concurrent with apache benchmark tool) is ~45% in my
    testbed, that is ~19% more consumption than with no replication
    at all.
    
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>

commit 64ce47955778805afceb6ced58b63839763541ad
Author:     Pablo Neira Ayuso <pablo at netfilter.org>
AuthorDate: Sun Nov 2 21:29:04 2008 +0100
Commit:     Pablo Neira Ayuso <pablo at netfilter.org>
CommitDate: Sun Nov 2 21:29:04 2008 +0100

    network: add protocol version field (breaks backward compatibility)
    
    This patch adds the version field (8 bits long) to the nethdr
    structure. This field can be used to indicate the protocol version
    in case that we detect an incompatibility between two conntrackd
    daemons working with different protocol versions.
    
    Unfortunately, this patch breaks backward compatibility, ie.
    conntrackd <= 0.9.8 protocol is not compatible with the upcoming
    conntrackd >= 0.9.9. Better do this now than later.
    
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
       via  76ac8ebe5e49385585c8e29fe530ed4baef390bf (commit)
       via  64ce47955778805afceb6ced58b63839763541ad (commit)
      from  43694a92f5521537109f14ec5fb9c8f4b2a821f6 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 76ac8ebe5e49385585c8e29fe530ed4baef390bf
Author: Pablo Neira Ayuso <pablo at netfilter.org>
Date:   Sun Nov 2 21:35:42 2008 +0100

    network: rework TLV-based protocol
    
    This patch reworks the TLV-based protocol to reduce the overhead
    in the message building. The idea is to group the attributes
    that must all be present in a consistent configuration. Putting them
    together helps us save some cycles in the message building.
    
    Now, oprofile reports ~15% of samples in the build path instead
    of ~25%. CPU consumption for 3000 HTTP GET requests per second
    (1000 concurrent with apache benchmark tool) is ~45% in my
    testbed, that is ~19% more consumption than with no replication
    at all.
    
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>

commit 64ce47955778805afceb6ced58b63839763541ad
Author: Pablo Neira Ayuso <pablo at netfilter.org>
Date:   Sun Nov 2 21:29:04 2008 +0100

    network: add protocol version field (breaks backward compatibility)
    
    This patch adds the version field (8 bits long) to the nethdr
    structure. This field can be used to indicate the protocol version
    in case that we detect an incompatibility between two conntrackd
    daemons working with different protocol versions.
    
    Unfortunately, this patch breaks backward compatibility, ie.
    conntrackd <= 0.9.8 protocol is not compatible with the upcoming
    conntrackd >= 0.9.9. Better do this now than later.
    
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>

-----------------------------------------------------------------------

 configure.in      |    2 +-
 include/network.h |   39 +++++++++-
 src/build.c       |  202 ++++++++++++++++++++++++++---------------------------
 src/network.c     |    4 +-
 src/parse.c       |  153 +++++++++++++++++++++++++++++-----------
 src/sync-ftfw.c   |   11 +--
 src/sync-mode.c   |    8 ++-
 7 files changed, 259 insertions(+), 160 deletions(-)
This patch adds the version field (8 bits long) to the nethdr
structure. This field can be used to indicate the protocol version
in case that we detect an incompatibility between two conntrackd
daemons working with different protocol versions.

Unfortunately, this patch breaks backward compatibility, ie.
conntrackd <= 0.9.8 protocol is not compatible with the upcoming
conntrackd >= 0.9.9. Better do this now than later.

Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>

diff --git a/include/network.h b/include/network.h
index d2e4edd..d2431f9 100644
--- a/include/network.h
+++ b/include/network.h
@@ -4,10 +4,13 @@
 #include <stdint.h>
 #include <sys/types.h>
 
+#define CONNTRACKD_PROTOCOL_VERSION	0
+
 struct nf_conntrack;
 
 struct nethdr {
-	uint16_t flags;
+	uint8_t version;
+	uint8_t flags;
 	uint16_t len;
 	uint32_t seq;
 };
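Review bot: With `CONNTRACKD_PROTOCOL_VERSION` defined as 0 on the added `#define` line, the new version byte does not actually tell a pre-0.9.9 peer apart: the old header began with a `uint16_t flags` sent through `htons()` (the `ntohs(x->flags)` removed in the HDR_NETWORK2HOST hunk), so for any flag word below 256 the first byte on the wire was 0x00, which the new check in sync-mode.c reads back as version 0. Since flags is narrowed to `uint8_t` here, the old values were presumably all below 256, which is exactly the case that goes undetected. Starting the numbering at a non-zero value, `#define CONNTRACKD_PROTOCOL_VERSION 1`, makes the mismatch the commit message wants to catch visible and also rejects an all-zero header. A short comment on the struct that the first two bytes must remain `version, flags` for that check to work would help whoever next touches the layout.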
@@ -17,7 +20,8 @@ struct nethdr {
 	(struct netpld *)(((char *)x) + sizeof(struct nethdr))
 
 struct nethdr_ack {
-	uint16_t flags; 
+	uint8_t version;
+	uint8_t flags; 
 	uint16_t len;
 	uint32_t seq;
 	uint32_t from;
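Review bot: `struct nethdr_ack` now repeats the leading `version`, `flags`, `len`, `seq` fields of `struct nethdr` by hand, and the `__ack->from`/`__ack->to` accesses in the HDR_NETWORK2HOST/HDR_HOST2NETWORK macros presumably reach the ack layout by casting a `struct nethdr *`, so the two layouts have to stay byte-identical up to `seq`. Nothing enforces that here; a comment on the first field, `/* must mirror struct nethdr: IS_CTL messages are cast from struct nethdr */`, or embedding `struct nethdr hdr;` as the first member would make the dependency explicit rather than implicit.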
@@ -87,7 +91,6 @@ ssize_t mcast_buffered_pending_netmsg(struct mcast_sock *m);
 
 #define HDR_NETWORK2HOST(x)						\
 ({									\
-	x->flags = ntohs(x->flags);					\
 	x->len   = ntohs(x->len);					\
 	x->seq   = ntohl(x->seq);					\
 	if (IS_CTL(x)) {						\
@@ -104,7 +107,6 @@ ssize_t mcast_buffered_pending_netmsg(struct mcast_sock *m);
 		__ack->from = htonl(__ack->from);			\
 		__ack->to = htonl(__ack->to);				\
 	}								\
-	x->flags = htons(x->flags);					\
 	x->len   = htons(x->len);					\
 	x->seq   = htonl(x->seq);					\
 })
diff --git a/src/network.c b/src/network.c
index 7d1d9fa..04c9d39 100644
--- a/src/network.c
+++ b/src/network.c
@@ -32,8 +32,7 @@ static size_t __do_send(struct mcast_sock *m, void *data, size_t len)
 	struct nethdr *net = data;
 
 	debug("send sq: %u fl:%u len:%u\n",
-		ntohl(net->seq), ntohs(net->flags),
-		ntohs(net->len));
+		ntohl(net->seq), net->flags, ntohs(net->len));
 
 	return mcast_send(m, net, len);
 }
@@ -46,6 +45,7 @@ static size_t __do_prepare(struct mcast_sock *m, void *data, size_t len)
 		seq_set = 1;
 		cur_seq = time(NULL);
 	}
+	net->version = CONNTRACKD_PROTOCOL_VERSION;
 	net->len = len;
 	net->seq = cur_seq++;
 	HDR_HOST2NETWORK(net);
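Review bot: `net->len = len;` directly below the new `version` assignment stores the `size_t len` parameter into the 16-bit `len` field with no range check, so a payload above 65535 bytes would go out with a wrapped length and a version byte that claims it is well-formed. This is not introduced by the commit, but the hunk is rewriting this header setup, and a guard such as `if (len > UINT16_MAX) return 0;` (or an assert, if callers already bound the size at the multicast MTU, which is not visible here) would make the truncation impossible to hit silently. __do_prepare's body begins before the hunk.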
diff --git a/src/sync-ftfw.c b/src/sync-ftfw.c
index ed97ceb..598945f 100644
--- a/src/sync-ftfw.c
+++ b/src/sync-ftfw.c
@@ -477,14 +477,12 @@ static void ftfw_send(struct nethdr *net, struct us_conntrack *u)
 			hello_state = HELLO_SAY;
 			/* fall through */
 		case HELLO_SAY:
-			net->flags = ntohs(net->flags) | NET_F_HELLO;
-			net->flags = htons(net->flags);
+			net->flags |= NET_F_HELLO;
 			break;
 		}
 
 		if (say_hello_back) {
-			net->flags = ntohs(net->flags) | NET_F_HELLO_BACK;
-			net->flags = htons(net->flags);
+			net->flags |= NET_F_HELLO_BACK;
 			say_hello_back = 0;
 		}
 
@@ -501,7 +499,7 @@ static int tx_queue_xmit(void *data1, const void *data2)
 	size_t len = prepare_send_netmsg(STATE_SYNC(mcast_client), net);
 
 	dp("tx_queue sq: %u fl:%u len:%u\n",
-               ntohl(net->seq), ntohs(net->flags), ntohs(net->len));
+               ntohl(net->seq), net->flags, ntohs(net->len));
 
 	mcast_buffered_send_netmsg(STATE_SYNC(mcast_client), net, len);
 	HDR_NETWORK2HOST(net);
@@ -521,8 +519,7 @@ static int tx_list_xmit(struct list_head *i, struct us_conntrack *u, int type)
 	size_t len = prepare_send_netmsg(STATE_SYNC(mcast_client), net);
 
 	dp("tx_list sq: %u fl:%u len:%u\n",
-                ntohl(net->seq), ntohs(net->flags),
-                ntohs(net->len));
+                ntohl(net->seq), net->flags, ntohs(net->len));
 
 	list_del_init(i);
 	tx_list_len--;
diff --git a/src/sync-mode.c b/src/sync-mode.c
index 4c22745..152a8e2 100644
--- a/src/sync-mode.c
+++ b/src/sync-mode.c
@@ -41,6 +41,12 @@ static void do_mcast_handler_step(struct nethdr *net, size_t remain)
 	struct nf_conntrack *ct = (struct nf_conntrack *)(void*) __ct;
 	struct us_conntrack *u;
 
+	if (net->version != CONNTRACKD_PROTOCOL_VERSION) {
+		STATE(malformed)++;
+		dlog(LOG_WARNING, "wrong protocol version `%u'", net->version);
+		return;
+	}
+
 	switch (STATE_SYNC(sync)->recv(net)) {
 		case MSG_DATA:
 			break;
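Review bot: The added version check emits a LOG_WARNING line and returns for every mismatching message, so one stale 0.9.8 peer (or anything else transmitting on the multicast group) produces a warning per packet for as long as it runs; logging only the first mismatch, or every Nth based on the `STATE(malformed)` counter the check already bumps, would keep the log useful under that condition. The check also reads `net->version` without using `remain`, so it relies on the caller having already confirmed that at least `sizeof(struct nethdr)` bytes are present; if that is the case, a one-line comment saying so on the check would save the next reader from verifying it. do_mcast_handler_step continues past the hunk.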
@@ -144,7 +150,7 @@ static void mcast_handler(void)
 		}
 
 		debug("recv sq: %u fl:%u len:%u (rem:%d)\n", 
-			ntohl(net->seq), ntohs(net->flags),
+			ntohl(net->seq), net->flags,
 			ntohs(net->len), remain);
 
 		HDR_NETWORK2HOST(net);
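Review bot: `HDR_NETWORK2HOST(net)` runs here before do_mcast_handler_step gets the chance to reject the message on `version`, so the byte-swap, and through `IS_CTL` the `from`/`to` conversion of the ack layout, is applied to a header whose format has not yet been confirmed to be this version. The swap itself is harmless, but comparing the version in this loop, once the header length is known and before any conversion, keeps every interpretation of the header behind the check; `if (net->version != CONNTRACKD_PROTOCOL_VERSION) { STATE(malformed)++; break; }` would do if the step function keeps its own check as a backstop. mcast_handler starts before and continues after the hunk, so where the length is validated is not visible from here.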


