[conntrack-tools] conntrackd: reset event limit iteration counter

Pablo Neira netfilter-cvslog-bounces at lists.netfilter.org
Sun Jul 19 15:35:39 CEST 2009


Gitweb:		http://git.netfilter.org/cgi-bin/gitweb.cgi?p=conntrack-tools.git;a=commit;h=441342f4701a4bbc41c24721d4c60b857e1c5d1e
commit 441342f4701a4bbc41c24721d4c60b857e1c5d1e
Author:     Pablo Neira Ayuso <pablo at netfilter.org>
AuthorDate: Sun Jul 19 15:34:56 2009 +0200
Commit:     Pablo Neira Ayuso <pablo at netfilter.org>
CommitDate: Sun Jul 19 15:34:56 2009 +0200

    conntrackd: reset event limit iteration counter
    
    With this patch, we reset the event iteration limit counter after
    we have performed an event handling run. Thus, every run loop
    always performs a maximum of EventIterationLimit event handling
    instead of keeping the old credits for the next run loop.
    
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>

commit 4694ae1e0939f69f4d2696b0caff62ce6a17d92f
Author:     Pablo Neira Ayuso <pablo at netfilter.org>
AuthorDate: Sun Jul 19 15:31:25 2009 +0200
Commit:     Pablo Neira Ayuso <pablo at netfilter.org>
CommitDate: Sun Jul 19 15:31:25 2009 +0200

    conntrackd: improve handling of external messages
    
    With this patch, a) we set the file descriptors for the
    synchronization channels as non-blocking, b) we perform more than
    one recv() call per select() signal on the socket and c) we limit
    the iteration to the value that EventIterationLimit has set.
    
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>

commit 651794575c844fe25a717d77bd088c51383067f0
Author:     Pablo Neira Ayuso <pablo at netfilter.org>
AuthorDate: Sun Jul 19 15:28:34 2009 +0200
Commit:     Pablo Neira Ayuso <pablo at netfilter.org>
CommitDate: Sun Jul 19 15:28:34 2009 +0200

    conntrackd: rework commit not to fork a child process
    
    This patch reworks the commit phase to avoid the forking. This is
    particularly useful in active-active setups in which one node
    has to commit the external cache while it is receiving new entries
    to be added in the external cache. This results in really high
    commit times due to the penalty of the copy-on-write that fork
    performs.
    
    The default number of steps in one run loop is limited to 64 for now.
    No option to tune this parameter is available yet via the
    configuration file.
    
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>

commit a1d03b775376aa8545ec9a0e89381b659e4d28ed
Author:     Pablo Neira Ayuso <pablo at netfilter.org>
AuthorDate: Fri Jul 17 13:36:05 2009 +0200
Commit:     Pablo Neira Ayuso <pablo at netfilter.org>
CommitDate: Fri Jul 17 13:36:05 2009 +0200

    conntrackd: add iterators with limited steps in hash and cache types
    
    This patch adds cache_iterate_limit() and hashtable_iterate_limit()
    that allow limiting the iteration to a given number of states.
    
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>

commit 9406f29b89f6727c3db5485d109466701393b4d4
Author:     Pablo Neira Ayuso <pablo at netfilter.org>
AuthorDate: Fri Jul 17 13:33:36 2009 +0200
Commit:     Pablo Neira Ayuso <pablo at netfilter.org>
CommitDate: Fri Jul 17 13:33:36 2009 +0200

    local: add LOCAL_RET_* return values for UNIX sockets callbacks
    
    This patch adds the LOCAL_RET_* return values. The return value
    LOCAL_RET_STOLEN allows leaving a client socket open while
    waiting for an operation to finish.
    
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
       via  441342f4701a4bbc41c24721d4c60b857e1c5d1e (commit)
       via  4694ae1e0939f69f4d2696b0caff62ce6a17d92f (commit)
       via  651794575c844fe25a717d77bd088c51383067f0 (commit)
       via  a1d03b775376aa8545ec9a0e89381b659e4d28ed (commit)
       via  9406f29b89f6727c3db5485d109466701393b4d4 (commit)
      from  589fd85fa48b8e1da2debd08b90a6062cf64ef15 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 441342f4701a4bbc41c24721d4c60b857e1c5d1e
Author: Pablo Neira Ayuso <pablo at netfilter.org>
Date:   Sun Jul 19 15:34:56 2009 +0200

    conntrackd: reset event limit iteration counter
    
    With this patch, we reset the event iteration limit counter after
    we have performed an event handling run. Thus, every run loop
    always performs a maximum of EventIterationLimit event handling
    instead of keeping the old credits for the next run loop.
    
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>

commit 4694ae1e0939f69f4d2696b0caff62ce6a17d92f
Author: Pablo Neira Ayuso <pablo at netfilter.org>
Date:   Sun Jul 19 15:31:25 2009 +0200

    conntrackd: improve handling of external messages
    
    With this patch, a) we set the file descriptors for the
    synchronization channels as non-blocking, b) we perform more than
    one recv() call per select() signal on the socket and c) we limit
    the iteration to the value that EventIterationLimit has set.
    
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>

commit 651794575c844fe25a717d77bd088c51383067f0
Author: Pablo Neira Ayuso <pablo at netfilter.org>
Date:   Sun Jul 19 15:28:34 2009 +0200

    conntrackd: rework commit not to fork a child process
    
    This patch reworks the commit phase to avoid the forking. This is
    particularly useful in active-active setups in which one node
    has to commit the external cache while it is receiving new entries
    to be added in the external cache. This results in really high
    commit times due to the penalty of the copy-on-write that fork
    performs.
    
    The default number of steps in one run loop is limited to 64 for now.
    No option to tune this parameter is available yet via the
    configuration file.
    
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>

commit a1d03b775376aa8545ec9a0e89381b659e4d28ed
Author: Pablo Neira Ayuso <pablo at netfilter.org>
Date:   Fri Jul 17 13:36:05 2009 +0200

    conntrackd: add iterators with limited steps in hash and cache types
    
    This patch adds cache_iterate_limit() and hashtable_iterate_limit()
    that allow limiting the iteration to a given number of states.
    
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>

commit 9406f29b89f6727c3db5485d109466701393b4d4
Author: Pablo Neira Ayuso <pablo at netfilter.org>
Date:   Fri Jul 17 13:33:36 2009 +0200

    local: add LOCAL_RET_* return values for UNIX sockets callbacks
    
    This patch adds the LOCAL_RET_* return values. The return value
    LOCAL_RET_STOLEN allows leaving a client socket open while
    waiting for an operation to finish.
    
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>

-----------------------------------------------------------------------

 include/cache.h       |    3 +-
 include/conntrackd.h  |   23 ++++++++++--
 include/hash.h        |    3 +-
 include/local.h       |    7 +++-
 src/cache.c           |    7 ++++
 src/cache_iterators.c |   95 ++++++++++++++++++++++++++++++++++---------------
 src/hash.c            |   17 +++++++--
 src/local.c           |    7 ++--
 src/mcast.c           |    3 +-
 src/read_config_yy.y  |    5 +++
 src/run.c             |   25 ++++++++-----
 src/stats-mode.c      |    2 +-
 src/sync-ftfw.c       |    5 +--
 src/sync-mode.c       |   59 ++++++++++++++++++++++--------
 src/udp.c             |    3 +-
 15 files changed, 190 insertions(+), 74 deletions(-)
This patch adds the LOCAL_RET_* return values. The return value
LOCAL_RET_STOLEN allows leaving a client socket open while
waiting for an operation to finish.

Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>

diff --git a/include/conntrackd.h b/include/conntrackd.h
index 040c252..417bac6 100644
--- a/include/conntrackd.h
+++ b/include/conntrackd.h
@@ -234,7 +234,6 @@ extern struct ct_mode stats_mode;
 
 /* These live in run.c */
 void killer(int foo);
-void local_handler(int fd, void *data);
 int init(void);
 void run(void);
 
diff --git a/include/local.h b/include/local.h
index 6940755..f9121b1 100644
--- a/include/local.h
+++ b/include/local.h
@@ -16,11 +16,16 @@ struct local_server {
 	char path[UNIX_PATH_MAX];
 };
 
+/* callback return values */
+#define LOCAL_RET_ERROR		-1
+#define LOCAL_RET_OK		 0
+#define LOCAL_RET_STOLEN	 1
+
 /* local server */
 int local_server_create(struct local_server *server, struct local_conf *conf);
 void local_server_destroy(struct local_server *server);
 int do_local_server_step(struct local_server *server, void *data, 
-			 void (*process)(int fd, void *data));
+			 int (*process)(int fd, void *data));
 
 /* local client */
 int local_client_create(struct local_conf *conf);
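Review bot: The new "callback return values" comment does not say who owns the descriptor after LOCAL_RET_STOLEN. Please document that a callback returning LOCAL_RET_STOLEN takes over fd and must close it itself, since do_local_server_step() will no longer do so; a missed close on that path leaks one descriptor per client connection. As a style point, the negative value in "#define LOCAL_RET_ERROR -1" should be parenthesised as (-1), or the three values could become an enum.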
diff --git a/src/local.c b/src/local.c
index 4739e56..feff608 100644
--- a/src/local.c
+++ b/src/local.c
@@ -72,7 +72,7 @@ void local_server_destroy(struct local_server *server)
 }
 
 int do_local_server_step(struct local_server *server, void *data, 
-			 void (*process)(int fd, void *data))
+			 int (*process)(int fd, void *data))
 {
 	int rfd;
 	struct sockaddr_un local;
@@ -82,8 +82,9 @@ int do_local_server_step(struct local_server *server, void *data,
 	if (rfd == -1)
 		return -1;
 
-	process(rfd, data);
-	close(rfd);
+	/* This descriptor will be closed later, we ignore OK and errors */
+	if (process(rfd, data) != LOCAL_RET_STOLEN)
+		close(rfd);
 
 	return 0;
 }
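Review bot: The comment above "if (process(rfd, data) != LOCAL_RET_STOLEN)" reads as if it described the branch that follows, but that branch is the one that closes rfd immediately; "closed later" applies only to the LOCAL_RET_STOLEN case that skips it. Suggest rewording to something like "close the descriptor unless the callback has taken ownership of it (LOCAL_RET_STOLEN)". Note also that any value other than 1, including an unexpected one, closes the socket, while a stray 1 from a callback keeps it open with nothing in this function to reclaim it.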
diff --git a/src/run.c b/src/run.c
index 95d51a2..87b6fb2 100644
--- a/src/run.c
+++ b/src/run.c
@@ -182,18 +182,18 @@ static void dump_stats_runtime(int fd)
 	send(fd, buf, size, 0);
 }
 
-void local_handler(int fd, void *data)
+static int local_handler(int fd, void *data)
 {
-	int ret;
+	int ret = LOCAL_RET_OK;
 	int type;
 
 	ret = read(fd, &type, sizeof(type));
 	if (ret == -1) {
 		STATE(stats).local_read_failed++;
-		return;
+		return LOCAL_RET_OK;
 	}
 	if (ret == 0)
-		return;
+		return LOCAL_RET_OK;
 
 	switch(type) {
 	case FLUSH_MASTER:
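Review bot: The initialiser in "int ret = LOCAL_RET_OK;" is a dead store, because ret is overwritten by "ret = read(fd, &type, sizeof(type));" on the next statement and is then holding a byte count, not a LOCAL_RET_* value. Consider a separate variable for the read() result. The read failure path increments local_read_failed but returns LOCAL_RET_OK; LOCAL_RET_ERROR would match the new return convention. The surrounding checks only cover -1 and 0, so a short read of fewer than sizeof(type) bytes reaches the switch with type partly uninitialised; comparing the result against sizeof(type) would close that gap.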
@@ -207,22 +207,26 @@ void local_handler(int fd, void *data)
 			nl_flush_conntrack_table(STATE(flush));
 			exit(EXIT_SUCCESS);
 		}
-		return;
+		break;
 	case RESYNC_MASTER:
 		STATE(stats).nl_kernel_table_resync++;
 		dlog(LOG_NOTICE, "resync with master table");
 		nl_dump_conntrack_table(STATE(dump));
-		return;
+		break;
 	case STATS_RUNTIME:
 		dump_stats_runtime(fd);
-		return;
+		break;
 	case STATS_PROCESS:
 		fork_process_dump(fd);
-		return;
+		break;
 	}
 
-	if (!STATE(mode)->local(fd, type, data))
+	ret = STATE(mode)->local(fd, type, data);
+	if (ret == LOCAL_RET_ERROR) {
 		STATE(stats).local_unknown_request++;
+		return LOCAL_RET_ERROR;
+	}
+	return ret;
 }
 
 static void do_overrun_resync_alarm(struct alarm_block *a, void *data)
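Review bot: Replacing "return;" with "break;" in the FLUSH_MASTER, RESYNC_MASTER, STATS_RUNTIME and STATS_PROCESS cases changes behaviour: these requests used to return right after being handled, and now fall through to "ret = STATE(mode)->local(fd, type, data);", so every built-in request is also passed to the mode handler. If that is not intended, return LOCAL_RET_OK from those cases instead of breaking. The tail can also be simplified, since after the LOCAL_RET_ERROR check both paths return the same value; incrementing local_unknown_request inside the if and ending with a single "return ret;" is enough.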
diff --git a/src/stats-mode.c b/src/stats-mode.c
index b84c7a1..5cfb638 100644
--- a/src/stats-mode.c
+++ b/src/stats-mode.c
@@ -55,7 +55,7 @@ static void kill_stats(void)
 /* handler for requests coming via UNIX socket */
 static int local_handler_stats(int fd, int type, void *data)
 {
-	int ret = 1;
+	int ret = LOCAL_RET_OK;
 
 	switch(type) {
 	case DUMP_INTERNAL:
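Review bot: Changing "int ret = 1;" to LOCAL_RET_OK flips the numeric value from 1 to 0, and 0 is what the old caller "if (!STATE(mode)->local(fd, type, data))" treated as an unknown request. The default branch of this switch is outside the hunk, so please confirm it now yields LOCAL_RET_ERROR rather than 0, otherwise local_unknown_request is never incremented for this mode. Any handler not converted by this patch that still returns a literal 1 would now be read as LOCAL_RET_STOLEN by do_local_server_step() and its socket would not be closed.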
diff --git a/src/sync-ftfw.c b/src/sync-ftfw.c
index bf9f4f7..0d31e17 100644
--- a/src/sync-ftfw.c
+++ b/src/sync-ftfw.c
@@ -215,7 +215,7 @@ static void ftfw_local_queue(int fd)
 
 static int ftfw_local(int fd, int type, void *data)
 {
-	int ret = 1;
+	int ret = LOCAL_RET_OK;
 
 	switch(type) {
 	case REQUEST_DUMP:
@@ -229,9 +229,6 @@ static int ftfw_local(int fd, int type, void *data)
 	case STATS_RSQUEUE:
 		ftfw_local_queue(fd);
 		break;
-	default:
-		ret = 0;
-		break;
 	}
 
 	return ret;
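Review bot: With the "default:" branch removed, ftfw_local() returns LOCAL_RET_OK for a type it does not recognise, so the caller can no longer tell a handled request from an unhandled one, and the local_unknown_request counter in local_handler() is only reachable if some handler returns LOCAL_RET_ERROR. If the counter should keep working, keep the branch as "default: ret = LOCAL_RET_ERROR; break;", which in turn requires the built-in cases in local_handler() to return instead of falling through to the mode handler. If dropping the accounting is intended, please say so in the commit message.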
diff --git a/src/sync-mode.c b/src/sync-mode.c
index 4d6956e..b0e2b02 100644
--- a/src/sync-mode.c
+++ b/src/sync-mode.c
@@ -403,7 +403,7 @@ static void dump_stats_sync_extended(int fd)
 /* handler for requests coming via UNIX socket */
 static int local_handler_sync(int fd, int type, void *data)
 {
-	int ret = 1;
+	int ret = LOCAL_RET_OK;
 
 	switch(type) {
 	case DUMP_INTERNAL:


