[conntrack-tools] sync-mode: flush also internal cache after reset PurgeTimeout

Pablo Neira netfilter-cvslog-bounces at lists.netfilter.org
Sun Feb 8 19:41:57 CET 2009 

Gitweb:		http://git.netfilter.org/cgi-bin/gitweb.cgi?p=conntrack-tools.git;a=commit;h=9c3690c82cc394214b0026157cb9ab1885542ec9
commit 9c3690c82cc394214b0026157cb9ab1885542ec9
Author:     Pablo Neira Ayuso <pablo at netfilter.org>
AuthorDate: Sun Feb 8 19:41:23 2009 +0100
Commit:     Pablo Neira Ayuso <pablo at netfilter.org>
CommitDate: Sun Feb 8 19:41:23 2009 +0100

    sync-mode: flush also internal cache after reset PurgeTimeout
    
    Currently, the daemon sends a flush request to the kernel-space.
    With lots of entries and NetlinkOverrunResync disabled, the daemon
    remains in an inconsistent state due to an overrun produced by the
    flush report to userspace. With this patch, the daemon also flush
    its internal cache after the kernel flush request.
    
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
       via  9c3690c82cc394214b0026157cb9ab1885542ec9 (commit)
      from  f3464ea99081fbe4f429f030ea99c60e2338c047 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 9c3690c82cc394214b0026157cb9ab1885542ec9
Author: Pablo Neira Ayuso <pablo at netfilter.org>
Date:   Sun Feb 8 19:41:23 2009 +0100

    sync-mode: flush also internal cache after reset PurgeTimeout
    
    Currently, the daemon sends a flush request to the kernel-space.
    With lots of entries and NetlinkOverrunResync disabled, the daemon
    remains in an inconsistent state due to an overrun produced by the
    flush report to userspace. With this patch, the daemon also flush
    its internal cache after the kernel flush request.
    
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>

-----------------------------------------------------------------------

 src/sync-mode.c |    1 +
 1 files changed, 1 insertions(+), 0 deletions(-)
Currently, the daemon sends a flush request to the kernel-space.
With lots of entries and NetlinkOverrunResync disabled, the daemon
remains in an inconsistent state due to an overrun produced by the
flush report to userspace. With this patch, the daemon also flush
its internal cache after the kernel flush request.

Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>

diff --git a/src/sync-mode.c b/src/sync-mode.c
index 8174681..63948f1 100644
--- a/src/sync-mode.c
+++ b/src/sync-mode.c
@@ -210,6 +210,7 @@ static void do_reset_cache_alarm(struct alarm_block *a, void *data)
 	STATE(stats).nl_kernel_table_flush++;
 	dlog(LOG_NOTICE, "flushing kernel conntrack table (scheduled)");
 	nl_flush_conntrack_table(STATE(request));
+	cache_flush(STATE_SYNC(internal));
 }
 
 static int init_sync(void)

More information about the netfilter-cvslog mailing list