[conntrack-tools] stats-mode: fix polling based logging

Pablo Neira netfilter-cvslog-bounces at lists.netfilter.org
Sat Feb 14 22:11:20 CET 2009 

Gitweb:		http://git.netfilter.org/cgi-bin/gitweb.cgi?p=conntrack-tools.git;a=commit;h=fe42b4085b7dab5847bb29155ebc70b4d7880ebe
commit fe42b4085b7dab5847bb29155ebc70b4d7880ebe
Author:     Pablo Neira Ayuso <pablo at netfilter.org>
AuthorDate: Sat Feb 14 21:54:50 2009 +0100
Commit:     Pablo Neira Ayuso <pablo at netfilter.org>
CommitDate: Sat Feb 14 21:54:50 2009 +0100

    stats-mode: fix polling based logging
    
    This patch fixes statistics logging based on polling.
    
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>

commit cedd1976acefbbf85d95a67a23c72ff011466d62
Author:     Pablo Neira Ayuso <pablo at netfilter.org>
AuthorDate: Sat Feb 14 21:26:26 2009 +0100
Commit:     Pablo Neira Ayuso <pablo at netfilter.org>
CommitDate: Sat Feb 14 21:26:26 2009 +0100

    src: use resync handler for polling instead of dump handler
    
    This patch moves the polling logic into the resync handler. The
    dump handler action depended on the daemon working mode (polling
    or event-driven) resulting in an inconsistent behaviour.
    
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
       via  fe42b4085b7dab5847bb29155ebc70b4d7880ebe (commit)
       via  cedd1976acefbbf85d95a67a23c72ff011466d62 (commit)
      from  22aa75829c56d06e8c4964ce84553af5d053664a (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit fe42b4085b7dab5847bb29155ebc70b4d7880ebe
Author: Pablo Neira Ayuso <pablo at netfilter.org>
Date:   Sat Feb 14 21:54:50 2009 +0100

    stats-mode: fix polling based logging
    
    This patch fixes statistics logging based on polling.
    
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>

commit cedd1976acefbbf85d95a67a23c72ff011466d62
Author: Pablo Neira Ayuso <pablo at netfilter.org>
Date:   Sat Feb 14 21:26:26 2009 +0100

    src: use resync handler for polling instead of dump handler
    
    This patch moves the polling logic into the resync handler. The
    dump handler action depended on the daemon working mode (polling
    or event-driven) resulting in an inconsistent behaviour.
    
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>

-----------------------------------------------------------------------

 src/run.c        |   41 ++++++++++++++++++++---------------------
 src/stats-mode.c |    1 +
 src/sync-mode.c  |   26 ++++++++++++++------------
 3 files changed, 35 insertions(+), 33 deletions(-)
This patch moves the polling logic into the resync handler. The
dump handler action depended on the daemon working mode (polling
or event-driven) resulting in an inconsistent behaviour.

Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>

diff --git a/src/run.c b/src/run.c
index 5c2a3e7..6465699 100644
--- a/src/run.c
+++ b/src/run.c
@@ -40,10 +40,10 @@ void killer(int foo)
 	/* no signals while handling signals */
 	sigprocmask(SIG_BLOCK, &STATE(block), NULL);
 
-	if (!(CONFIG(flags) & CTD_POLL)) {
+	if (!(CONFIG(flags) & CTD_POLL))
 		nfct_close(STATE(event));
-		nfct_close(STATE(resync));
-	}
+
+	nfct_close(STATE(resync));
 	nfct_close(STATE(get));
 	nfct_close(STATE(request));
 
@@ -220,7 +220,7 @@ static void do_polling_alarm(struct alarm_block *a, void *data)
 	if (STATE(mode)->purge)
 		STATE(mode)->purge();
 
-	nl_send_resync(STATE(dump));
+	nl_send_resync(STATE(resync));
 	add_alarm(&STATE(polling_alarm), CONFIG(poll_kernel_secs), 0);
 }
 
@@ -333,21 +333,22 @@ init(void)
 		nfct_callback_register(STATE(event), NFCT_T_ALL,
 				       event_handler, NULL);
 		register_fd(nfct_fd(STATE(event)), STATE(fds));
+	}
 
-		STATE(resync) = nfct_open(CONNTRACK, 0);
-		if (STATE(resync)== NULL) {
-			dlog(LOG_ERR, "can't open netlink handler: %s",
-			     strerror(errno));
-			dlog(LOG_ERR, "no ctnetlink kernel support?");
-			return -1;
-		}
-		nfct_callback_register(STATE(resync),
-				       NFCT_T_ALL,
-				       STATE(mode)->resync,
-				       NULL);
-		register_fd(nfct_fd(STATE(resync)), STATE(fds));
-		fcntl(nfct_fd(STATE(resync)), F_SETFL, O_NONBLOCK);
+	/* resynchronize (like 'dump' socket) but it also purges old entries */
+	STATE(resync) = nfct_open(CONNTRACK, 0);
+	if (STATE(resync)== NULL) {
+		dlog(LOG_ERR, "can't open netlink handler: %s",
+		     strerror(errno));
+		dlog(LOG_ERR, "no ctnetlink kernel support?");
+		return -1;
 	}
+	nfct_callback_register(STATE(resync),
+			       NFCT_T_ALL,
+			       STATE(mode)->resync,
+			       NULL);
+	register_fd(nfct_fd(STATE(resync)), STATE(fds));
+	fcntl(nfct_fd(STATE(resync)), F_SETFL, O_NONBLOCK);
 
 	STATE(dump) = nfct_open(CONNTRACK, 0);
 	if (STATE(dump) == NULL) {
@@ -357,8 +358,6 @@ init(void)
 		return -1;
 	}
 	nfct_callback_register(STATE(dump), NFCT_T_ALL, dump_handler, NULL);
-	if (CONFIG(flags) & CTD_POLL)
-		register_fd(nfct_fd(STATE(dump)), STATE(fds));
 
 	if (nl_dump_conntrack_table(STATE(dump)) == -1) {
 		dlog(LOG_ERR, "can't get kernel conntrack table");
@@ -501,8 +500,8 @@ static void __run(struct timeval *next_alarm)
 		}
 	} else {
 		/* using polling mode */
-		if (FD_ISSET(nfct_fd(STATE(dump)), &readfds)) {
-			nfct_catch(STATE(dump));
+		if (FD_ISSET(nfct_fd(STATE(resync)), &readfds)) {
+			nfct_catch(STATE(resync));
 		}
 	}
 
diff --git a/src/sync-mode.c b/src/sync-mode.c
index 63948f1..74eb36e 100644
--- a/src/sync-mode.c
+++ b/src/sync-mode.c
@@ -507,8 +507,6 @@ static void mcast_send_sync(struct cache_object *obj, int query)
 
 static void dump_sync(struct nf_conntrack *ct)
 {
-	struct cache_object *obj;
-
 	/* This is required by kernels < 2.6.20 */
 	nfct_attr_unset(ct, ATTR_ORIG_COUNTER_BYTES);
 	nfct_attr_unset(ct, ATTR_ORIG_COUNTER_PACKETS);
@@ -516,13 +514,8 @@ static void dump_sync(struct nf_conntrack *ct)
 	nfct_attr_unset(ct, ATTR_REPL_COUNTER_PACKETS);
 	nfct_attr_unset(ct, ATTR_USE);
 
-	obj = cache_update_force(STATE_SYNC(internal), ct);
-	if ((CONFIG(flags) & CTD_POLL)) {
-		if (obj != NULL && obj->status == C_OBJ_NEW) {
-			debug_ct(ct, "poll");
-			mcast_send_sync(obj, NET_T_STATE_NEW);
-		}
-	}
+	if (cache_update_force(STATE_SYNC(internal), ct))
+		debug_ct(ct, "dump");
 }
 
 static int purge_step(void *data1, void *data2)
@@ -566,11 +559,20 @@ static int resync_sync(enum nf_conntrack_msg_type type,
 	nfct_attr_unset(ct, ATTR_REPL_COUNTER_PACKETS);
 	nfct_attr_unset(ct, ATTR_USE);
 
-	if ((obj = cache_update_force(STATE_SYNC(internal), ct))) {
-		debug_ct(obj->ct, "resync");
+	obj = cache_update_force(STATE_SYNC(internal), ct);
+	if (obj == NULL)
+		return NFCT_CB_CONTINUE;
+
+	switch (obj->status) {
+	case C_OBJ_NEW:
+		debug_ct(ct, "resync");
+		mcast_send_sync(obj, NET_T_STATE_NEW);
+		break;
+	case C_OBJ_ALIVE:
+		debug_ct(ct, "resync");
 		mcast_send_sync(obj, NET_T_STATE_UPD);
+		break;
 	}
-
 	return NFCT_CB_CONTINUE;
 }

More information about the netfilter-cvslog mailing list