[conntrack-tools] conntrackd: use a permanent handler for commit operations

Pablo Neira netfilter-cvslog-bounces at lists.netfilter.org
Thu Jun 11 19:47:50 CEST 2009 

Gitweb:		http://git.netfilter.org/cgi-bin/gitweb.cgi?p=conntrack-tools.git;a=commit;h=9163f4673d919658c94f9de4ca32a2e9dacce2fd
commit 9163f4673d919658c94f9de4ca32a2e9dacce2fd
Author:     Pablo Neira Ayuso <pablo at netfilter.org>
AuthorDate: Thu Jun 11 19:34:54 2009 +0200
Commit:     Pablo Neira Ayuso <pablo at netfilter.org>
CommitDate: Thu Jun 11 19:34:54 2009 +0200

    conntrackd: use a permanent handler for commit operations
    
    This patch adds a dedicated commit handler since there is a possible
    race condition that can happen if the child process ends before we
    have received all the event messages that the commit request has
    triggered.
    
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>

commit 6dad06ec56eeb942a1785246bf91fe7100a21c7e
Author:     Pablo Neira Ayuso <pablo at netfilter.org>
AuthorDate: Thu Jun 11 19:34:54 2009 +0200
Commit:     Pablo Neira Ayuso <pablo at netfilter.org>
CommitDate: Thu Jun 11 19:34:54 2009 +0200

    conntrackd: use a permanent handler for flush operations
    
    In 6f5666a29cb7cbff08ce926ee1edb84a311ff6ee, I moved the flush
    operation into a child process and to use a disposable handler
    to perform flush requests. This patch adds a dedicated flush
    handler since there is a possible race condition that can
    happen if the child process ends before we have received all
    the event messages that the flush request has triggered.
    
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>

commit 5e696e022d8383bc7abe6e6ba37c2664679fe81f
Author:     Pablo Neira Ayuso <pablo at netfilter.org>
AuthorDate: Thu Jun 11 19:34:50 2009 +0200
Commit:     Pablo Neira Ayuso <pablo at netfilter.org>
CommitDate: Thu Jun 11 19:34:50 2009 +0200

    conntrackd: allow to limit the number of simultaneous child processes
    
    This patch allows to limit the number of simultaneous child processes.
    This is required by the next patch that replaces disposable handlers
    to commit and flush with permanent handlers.
    
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>

commit 0121fd74b805a6490f005c835b3994fa06487395
Author:     Pablo Neira Ayuso <pablo at netfilter.org>
AuthorDate: Thu Jun 11 19:27:44 2009 +0200
Commit:     Pablo Neira Ayuso <pablo at netfilter.org>
CommitDate: Thu Jun 11 19:27:44 2009 +0200

    conntrackd: block signals during the access to the process list
    
    A child process may finish while we are walking on the process list.
    This fixes possible concurrency problems.
    
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>

commit 6cd381e590bf28c180c089b47667defe4b6ff3eb
Author:     Pablo Neira Ayuso <pablo at netfilter.org>
AuthorDate: Thu Jun 11 19:26:49 2009 +0200
Commit:     Pablo Neira Ayuso <pablo at netfilter.org>
CommitDate: Thu Jun 11 19:26:49 2009 +0200

    conntrackd: add missing initialization of PID in process infrastructure
    
    In 0374398fd14bf587d80d9d31e361e266e69387c8, I introduced the process
    infrastructure. However, that patch missed the PID initialization.
    Without this patch, the process structures are never released.
    
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
       via  9163f4673d919658c94f9de4ca32a2e9dacce2fd (commit)
       via  6dad06ec56eeb942a1785246bf91fe7100a21c7e (commit)
       via  5e696e022d8383bc7abe6e6ba37c2664679fe81f (commit)
       via  0121fd74b805a6490f005c835b3994fa06487395 (commit)
       via  6cd381e590bf28c180c089b47667defe4b6ff3eb (commit)
      from  c72da10b9b1193f7ecb84a5db7dbf943891b9e96 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 9163f4673d919658c94f9de4ca32a2e9dacce2fd
Author: Pablo Neira Ayuso <pablo at netfilter.org>
Date:   Thu Jun 11 19:34:54 2009 +0200

    conntrackd: use a permanent handler for commit operations
    
    This patch adds a dedicated commit handler since there is a possible
    race condition that can happen if the child process ends before we
    have received all the event messages that the commit request has
    triggered.
    
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>

commit 6dad06ec56eeb942a1785246bf91fe7100a21c7e
Author: Pablo Neira Ayuso <pablo at netfilter.org>
Date:   Thu Jun 11 19:34:54 2009 +0200

    conntrackd: use a permanent handler for flush operations
    
    In 6f5666a29cb7cbff08ce926ee1edb84a311ff6ee, I moved the flush
    operation into a child process and to use a disposable handler
    to perform flush requests. This patch adds a dedicated flush
    handler since there is a possible race condition that can
    happen if the child process ends before we have received all
    the event messages that the flush request has triggered.
    
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>

commit 5e696e022d8383bc7abe6e6ba37c2664679fe81f
Author: Pablo Neira Ayuso <pablo at netfilter.org>
Date:   Thu Jun 11 19:34:50 2009 +0200

    conntrackd: allow to limit the number of simultaneous child processes
    
    This patch allows to limit the number of simultaneous child processes.
    This is required by the next patch that replaces disposable handlers
    to commit and flush with permanent handlers.
    
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>

commit 0121fd74b805a6490f005c835b3994fa06487395
Author: Pablo Neira Ayuso <pablo at netfilter.org>
Date:   Thu Jun 11 19:27:44 2009 +0200

    conntrackd: block signals during the access to the process list
    
    A child process may finish while we are walking on the process list.
    This fixes possible concurrency problems.
    
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>

commit 6cd381e590bf28c180c089b47667defe4b6ff3eb
Author: Pablo Neira Ayuso <pablo at netfilter.org>
Date:   Thu Jun 11 19:26:49 2009 +0200

    conntrackd: add missing initialization of PID in process infrastructure
    
    In 0374398fd14bf587d80d9d31e361e266e69387c8, I introduced the process
    infrastructure. However, that patch missed the PID initialization.
    Without this patch, the process structures are never released.
    
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>

-----------------------------------------------------------------------

 include/conntrackd.h |    3 ++
 include/process.h    |   11 +++++++-
 src/process.c        |   33 ++++++++++++++++++++---
 src/run.c            |   36 ++++++++++----------------
 src/sync-mode.c      |   68 +++++++++++++++----------------------------------
 5 files changed, 76 insertions(+), 75 deletions(-)
In 0374398fd14bf587d80d9d31e361e266e69387c8, I introduced the process
infrastructure. However, that patch missed the PID initialization.
Without this patch, the process structures are never released.

Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>

diff --git a/src/process.c b/src/process.c
index a89f388..70972fe 100644
--- a/src/process.c
+++ b/src/process.c
@@ -24,6 +24,7 @@ static LIST_HEAD(process_list);
 int fork_process_new(void (*cb)(void *data), void *data)
 {
 	struct child_process *c;
+	int pid;
 
 	c = calloc(sizeof(struct child_process), 1);
 	if (c == NULL)
@@ -31,10 +32,12 @@ int fork_process_new(void (*cb)(void *data), void *data)
 
 	c->cb = cb;
 	c->data = data;
+	c->pid = pid = fork();
 
-	list_add(&c->head, &process_list);
+	if (c->pid > 0)
+		list_add(&c->head, &process_list);
 
-	return fork();
+	return pid;
 }
 
 int fork_process_delete(int pid)

More information about the netfilter-cvslog mailing list